Re: [tram] Path Forward for STUN ORIGIN - how to match

Martin Thomson <martin.thomson@gmail.com> Thu, 27 August 2015 18:54 UTC

To: Cullen Jennings <fluffy@iii.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/yB3laQlEJoumZ--ciXcR8MAYx3Q>
Cc: Alan Johnston <alan.b.johnston@gmail.com>, "tram@ietf.org" <tram@ietf.org>

On 27 August 2015 at 06:49, Cullen Jennings <fluffy@iii.ca> wrote:
> I could live with A, B, or C, but I think that C provides the best privacy, is the easiest to understand, and meets the requirements, so I favor a match rule where we match the whole host found in the TURN or STUN URI to the host part of the HTTP ORIGIN. I don't care about matching if the origin is secure or not or ports.


If this is the path chosen, I agree that C is best.  (We don't match
certificates on port numbers, so I see no point in greater granularity
here either).
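
The match rule discussed in this thread (option C: whole host of the STUN/TURN URI against the host of the HTTP origin, ignoring scheme and port), sketched as an added example that is not part of the original message or of any draft text. The function names are hypothetical, and reading "whole host" as exact, case-insensitive equality with no suffix or subdomain matching is an assumption.

```python
import re
from urllib.parse import urlsplit

# stun/stuns/turn/turns URI: scheme ":" host [":" port] ["?transport=..."]
# (URI syntax of RFC 7064 / RFC 7065; IPv6 literals are bracketed).
_STUN_TURN = re.compile(
    r"^(stuns?|turns?):(\[[0-9A-Fa-f:.]+\]|[^:?\[\]/]+)(?::(\d+))?(?:\?.*)?$"
)


def _norm(host):
    """Lower-case, strip IPv6 brackets and a single trailing dot."""
    host = host.strip("[]").lower()
    return host[:-1] if host.endswith(".") else host


def stun_turn_host(uri):
    """Return the normalized host of a stun:/stuns:/turn:/turns: URI."""
    m = _STUN_TURN.match(uri)
    if not m:
        raise ValueError("not a STUN/TURN URI: %r" % uri)
    return _norm(m.group(2))


def origin_host(origin):
    """Return the host of a serialized origin, or None for the opaque 'null'."""
    if origin == "null":
        return None
    parts = urlsplit(origin)
    if not parts.scheme or parts.hostname is None:
        raise ValueError("not a serialized origin: %r" % origin)
    return _norm(parts.hostname)


def host_matches(server_uri, origin):
    """Option C as read here: whole-host equality; scheme and port ignored.

    IPv6 literals are compared textually after lower-casing, so two
    different spellings of the same address do not match.
    """
    oh = origin_host(origin)
    return oh is not None and oh == stun_turn_host(server_uri)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(host_matches("turn:example.com:3478?transport=udp", "https://example.com"))
    print(host_matches("turn:turn.example.com", "https://example.com"))
```

Under this reading, `turn:turn.example.com` does not match the origin `https://example.com`, because the comparison is on the whole host rather than on a shared parent domain.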