Re: [tram] FW: New Version Notification for draft-reddy-tram-turn-ipaddress-privacy-00.txt

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Fri, 06 February 2015 14:28 UTC

From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: "Hutton, Andrew" <andrew.hutton@unify.com>, Justin Uberti <juberti@google.com>
Date: Fri, 06 Feb 2015 14:28:43 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/lQcl6gydw4viT6GH90Nwdq2StVg>
Cc: Simon Perreault <sperreault@jive.com>, Benjamin Schwartz <bemasc@webrtc.org>, "tram@ietf.org" <tram@ietf.org>
Subject: Re: [tram] FW: New Version Notification for draft-reddy-tram-turn-ipaddress-privacy-00.txt

Inline [TR]

From: Hutton, Andrew [mailto:andrew.hutton@unify.com]
Sent: Friday, February 06, 2015 4:19 PM
To: Justin Uberti; Tirumaleswar Reddy (tireddy)
Cc: Simon Perreault; Benjamin Schwartz; tram@ietf.org
Subject: RE: [tram] FW: New Version Notification for draft-reddy-tram-turn-ipaddress-privacy-00.txt

On a first read I am also rather skeptical about handing this privacy function over to the TURN server.

[TR] Please clarify why this is a concern?
If privacy is provided, let’s say, using Tor or an anonymous VPN service, then the endpoint is trusting these services.

The draft introduces the first argument I have seen against using https://tools.ietf.org/html/draft-schwartz-rtcweb-return-03 in that it states:

“If the third party offered TURN server can provide IP address privacy then the application can avoid TURN-in-TURN mechanism discussed in [I-D.schwartz-rtcweb-return] and thus avoid the overhead of using RETURN proxying”.

However it does not seem to me that the overhead of using a RETURN proxy is really that significant given that the RETURN proxy is likely to be close to the client in the enterprise proxy/firewall or in the access network.

[TR] The application provided TURN server may not always be close to the endpoint or the user may not trust the application server. RETURN proxying is certainly useful in certain scenarios and this draft helps the client determine if RETURN proxying is required or not. This draft can be used with RETURN proxying; for example, based on the ‘privacy’ need conveyed by the client, the application provided TURN server may point the client to an alternate TURN server which can meet the client’s ‘privacy’ needs.

-Tiru

Andy





From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Justin Uberti
Sent: 06 February 2015 00:51
To: Tirumaleswar Reddy (tireddy)
Cc: Simon Perreault; Benjamin Schwartz; tram@ietf.org
Subject: Re: [tram] FW: New Version Notification for draft-reddy-tram-turn-ipaddress-privacy-00.txt

I agree with Simon and Ben in being skeptical about this proposal.

The client is the only party which knows exactly what 'privacy' means, and there is no trivial way to serialize this into a single attribute for the TURN server.

As such, I think this decision should be left entirely to the client.

On Wed, Feb 4, 2015 at 10:50 AM, Tirumaleswar Reddy (tireddy) <tireddy@cisco.com> wrote:
I agree that the client can do equally well itself, by sending a STUN Binding Request and comparing the response to the TURN server's own IP address.

[TR3] The difference this draft brings in is that it helps the TURN server (offered by a global or cloud service) to determine that the client wants privacy and the level of privacy required, conveyed in the new STUN attribute; the TURN server determines a suitable alternate TURN server that can offer the required level of privacy.

-Tiru

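The client-side check mentioned in the quoted message above (send a STUN Binding Request and compare the address in the response with the TURN server's IP address), as an added example that is not part of the thread or the draft. It builds an RFC 5389 Binding Request and decodes XOR-MAPPED-ADDRESS from a response; network I/O is left out, and `constructed_response` plus the documentation-range addresses are assumptions used only to produce sample input.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442      # fixed value in every RFC 5389 STUN header
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
XOR_MAPPED_ADDRESS = 0x0020

def build_binding_request(txid=None):
    """Return (message, txid): a 20-byte Binding Request with no attributes."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid, txid

def _xor_key(txid):
    # The address is XORed with cookie || transaction ID (IPv4 uses 4 bytes).
    return struct.pack("!I", MAGIC_COOKIE) + txid

def parse_binding_response(msg, txid):
    """Return (ip_address, port) from XOR-MAPPED-ADDRESS, or raise ValueError."""
    if len(msg) < 20:
        raise ValueError("short STUN message")
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if (mtype, cookie, msg[8:20]) != (BINDING_SUCCESS, MAGIC_COOKIE, txid):
        raise ValueError("not the success response to our request")
    if length != len(msg) - 20:
        raise ValueError("length field mismatch")
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and alen in (8, 20) and len(value) == alen:
            family, xport = struct.unpack("!xBH", value[:4])
            if (family, alen) not in ((1, 8), (2, 20)):
                raise ValueError("bad address family")
            raw = bytes(a ^ b for a, b in zip(value[4:], _xor_key(txid)))
            return ipaddress.ip_address(raw), xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + alen + (-alen % 4)   # attributes are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")

def response_matches_turn_server(msg, txid, turn_server_ip):
    """The comparison itself: reported address vs. the TURN server's IP."""
    addr, _port = parse_binding_response(msg, txid)
    return addr == ipaddress.ip_address(turn_server_ip)

def constructed_response(txid, ip, port):
    """Constructed sample input: a success response reporting ip:port."""
    addr = ipaddress.ip_address(ip)
    xaddr = bytes(a ^ b for a, b in zip(addr.packed, _xor_key(txid)))
    value = struct.pack("!xBH", 1 if addr.version == 4 else 2,
                        port ^ (MAGIC_COOKIE >> 16)) + xaddr
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr
```

The transaction ID check matters here: a response that does not echo the request's ID is rejected before any address is compared.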