Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS and COMMENT)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 23 April 2015 13:32 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CAB41ACD44; Thu, 23 Apr 2015 06:32:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FpDSJAatsmCL; Thu, 23 Apr 2015 06:32:47 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 224641AC42C; Thu, 23 Apr 2015 06:32:47 -0700 (PDT)
Received: by layy10 with SMTP id y10so12752133lay.0; Thu, 23 Apr 2015 06:32:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=T2JAE4yDCmK9jjdh3fPyo7PuI+Tu+HOkXHXQkMwlS4g=; b=xQeAm3+s83fje4QcREcVqTzTN8r3csXXJ472H40BxR11viKE6tWf1kUyuzbi4VNqP/ /iP18n9HN7LOMNG96DnVtAgTgM4oU+kcSrvjHUQ3gE/T1zk/sAeR+cqPOydTJAvTl8Ig 0r7AljLhYdoKN2/Hbm9nVZ310wI96sSRJWghPxe+6qkRAuyEjSUsN3PKXX41uOixUpbt ABW/Yn9oGrOjKqF4OX+htVj4pD6n+C6kNey1m2HSNpgF3ERjpz7Klpw9JWlgJR7Jleqx 16SsLqbiik5F0MTzjmO7NGssJXBqxP+GCekpzGghgzv9sTBYz87ZJ1C8AxGLIfyB+9gY 4tdQ==
MIME-Version: 1.0
X-Received: by 10.152.184.72 with SMTP id es8mr2529471lac.77.1429795965668; Thu, 23 Apr 2015 06:32:45 -0700 (PDT)
Received: by 10.152.129.3 with HTTP; Thu, 23 Apr 2015 06:32:45 -0700 (PDT)
In-Reply-To: <20150421153635.27696.5302.idtracker@ietfa.amsl.com>
References: <20150421153635.27696.5302.idtracker@ietfa.amsl.com>
Date: Thu, 23 Apr 2015 08:32:45 -0500
Message-ID: <CAKKJt-cxC3hBi_TyQ2-Z3vL-fp1F5LsEio=iRhmx8R8WVP7xXQ@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="001a1135e50ea293f2051464505a"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/byIHa7xRBkb4ClNbUItTPVM9xd4>
Cc: "tram-chairs@ietf.org" <tram-chairs@ietf.org>, "tram@ietf.org" <tram@ietf.org>, draft-ietf-tram-stun-origin.shepherd@ietf.org, draft-ietf-tram-stun-origin.ad@ietf.org, Simon Perreault <sperreault@jive.com>, The IESG <iesg@ietf.org>, draft-ietf-tram-stun-origin@ietf.org
Subject: Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS and COMMENT)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2015 13:32:50 -0000
Dear Tramsters, On Tue, Apr 21, 2015 at 10:36 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie > wrote: > Stephen Farrell has entered the following ballot position for > draft-ietf-tram-stun-origin-05: Discuss I saw an excellent exchange with Barry on his Discuss for this draft, but haven't seen a response to Stephen's yet. Did I miss it? If the answer is "as Stephen said, it IS a high-level Discuss, and we need to confer before responding", that's fine, or really any other answer could be fine - I just didn't want the draft to get stalled ... Thanks! Spencer > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > http://datatracker.ietf.org/doc/draft-ietf-tram-stun-origin/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > "Analytics" here together with the MUST include > statements could amount to a fancy way to > describe monetizing people's WebRTC calls in ways > that the end user will just not expect. I'd like > to check that we're not doing that, as it'd > arguably run counter to e.g. RFC7258 or to the > general trend towards data minimisation. And > making privacy worse, even by a little, seems > worse than making it better. (Note: I am here > asking about the STUN/TURN server being perhaps > unnecessarily told the origin, not the risk that > someone sees that in-transit, which is handled in > the draft already.) > > I do agree that the TURN 401-like challenge > use-case is perhaps needed, but I do not see that > other use cases need to see the origin for them > to work at all. And I'm not sure that such a > spoofable origin is so useful for that TURN case, > esp. when there's parallel work on an > authenticated equivalent. (I mean the tram 3rd > party thing.) I also don't see that that is > needed for network management reasons - surely > everything needed for network managment is no > more nor less visible to the STUN or TURN servers > when this is used vs. when this is not used. > > So why are we pushing for this? If it is really > only for so-called "analytics" then is that ok? > (And where can I find a definition of what that > means?) > > Apologies if this discuss seems somewhat high > level, but as well as the general concern, the > last paragraph of the current tram charter seems > to me to me to say that tram ought not make > privacy worse. But maybe I'm missing the > networking function that needs this - if so, I'm > sure someone will point that out. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > > - intro, para 2: STUN only defines two auth modes > that I can see, and you only mention two here - > what's the 3rd one you mean? (Is it DTLS?) > > - What if >1 TURN session with different origins > is being setup from same client/browser? Does > that work? (Say two parallel calls, not the case > where the same resource is being accessed at the > same time loaded from different referring web > pages.) > > - I'd suggest to not allow >1 ORIGIN in a STUN > request? But that discussion seems to be in-hand. > > - section 2: suggest providng similar examples > for all schemes, http(s),sip & xmpp. > > - 2.1 & 2.2: MUST include web origin - couldn't > there be "private browsing" scenarios where that > MUST would be a problem? I'm not suggesting that > the origin exposes very much but I think a SHOULD > would be more appropriate. > > - 2.1 last para: source here means the webrtc > server right? That's a bit ambiguous and would be > better clarified. > > - What is the benefit of sending an empty origin > as opposed to no origin attribute? I don't see > any and the former just advertises that the > client is "privacy sensitive" which seems > incongruous. > > >
- [tram] Stephen Farrell's Discuss on draft-ietf-tr… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Barry Leiba
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Spencer Dawkins at IETF
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Alan Johnston
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Spencer Dawkins at IETF
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Alan Johnston
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Simon Perreault
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Alan Johnston
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Spencer Dawkins at IETF
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Simon Perreault
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Spencer Dawkins at IETF
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Simon Perreault