IETF Logo Mail Archive

[tram] Chime in on attched redlined version-12 WAS: I-D Action: draft-ietf-tram-turn-server-discovery-12.txt

Karl Stahl <karl.stahl@ingate.com> Thu, 02 February 2017 23:24 UTC

Return-Path: <karl@ingate.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE10D1295C3 for <tram@ietfa.amsl.com>; Thu, 2 Feb 2017 15:24:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MSGID_MULTIPLE_AT=1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ingate.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d-GISoFa_4m3 for <tram@ietfa.amsl.com>; Thu, 2 Feb 2017 15:24:02 -0800 (PST)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10086.outbound.protection.outlook.com [40.107.1.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8713A12953B for <tram@ietf.org>; Thu, 2 Feb 2017 15:24:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ingate.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=zV7ZjNPLF9at1DqcI+0S9l+lTFDlHCHHqr1fpzU+ihs=; b=bhrpJpnXKDaQjGmIhADaET1eyfpS4Re3ThMmkr0d60Qa6KybRZk1lXoYm6JxOogrBEo7WrSiuNNBgN22z2pzV+dm534caCTy9kKEEfM/CMFnyiqk+qOvQnzzXvi2NKONTODUHAEosTmCVWWXaNaE0fGlezi8sO5rp4bjRFCYJvQ=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=karl@ingate.com;
Received: from Kallei7 (90.227.80.227) by VI1PR01MB1840.eurprd01.prod.exchangelabs.com (10.166.40.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Thu, 2 Feb 2017 23:23:47 +0000
From: Karl Stahl <karl.stahl@ingate.com>
To: 'Spencer Dawkins at IETF' <spencerdawkins.ietf@gmail.com>, 'Simon Perreault' <sperreault@jive.com>
References: <148427986357.3020.7793783112924549744.idtracker@ietfa.amsl.com> <a4aaffdefb794fb0a1b96f0252b862a9@XCH-RCD-017.cisco.com> <CAKKJt-fUzJJS9SXvbG2=T7PDz6nvHnhBqvHRtm-41BoGJsJC6Q@mail.gmail.com> <b139c913-a052-9397-c5df-7cd7c884cf71@jive.com> <CAKKJt-eh8ZZ=5J0KoY9zUpOhj=r9+ATSOk_hEF=G7qTt78_4-Q@mail.gmail.com>
In-Reply-To: <CAKKJt-eh8ZZ=5J0KoY9zUpOhj=r9+ATSOk_hEF=G7qTt78_4-Q@mail.gmail.com>
Date: Fri, 03 Feb 2017 00:23:41 +0100
Message-ID: <002101d27dab$67718c20$3654a460$@stahl>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0022_01D27DB3.C935F420"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AdJ8z9WM3wLttKcVT92GpVaMZnXDdgAZVe8g
Content-Language: sv
X-Originating-IP: [90.227.80.227]
X-ClientProxiedBy: DB6PR0501CA0023.eurprd05.prod.outlook.com (10.172.232.161) To VI1PR01MB1840.eurprd01.prod.exchangelabs.com (10.166.40.26)
X-MS-Office365-Filtering-Correlation-Id: d053e5c3-cfe5-454c-f716-08d44bc28b3f
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:VI1PR01MB1840;
X-Microsoft-Exchange-Diagnostics: 1; VI1PR01MB1840; 3:r5CEu5z2dcytx9ySPzIteu1twPlD0vAH5HNF3afWO3LuqUd10tB0aegHDj3qFtylG5CoFxXV33cGxCa9y8wwu5FBPb5T2gnvLvK7itxD7fYoBJJjbJoW431cfU/AqsT/pwIneApBngStZHg7bkcmyL8IfMqP1HixsJ+HpH+MKCSyFUeb6HUUFsMJGOl9uDKhO3Z0C6IVH36Ua/TUGYq40Yo9rdA6e/QHhTCe6v7EYI3HTfDEn5LEO8VKv10wmHQ14MiSUf1flrrvwW5amKy4Gg==; 25:ZGJfirZ9QQgr4P+wSgNDHTGq922XVurAlLVYh26WC12J8q3BuqKGWycCvA63bS6FBumjp2MVZOZINMFzuc1KtzxMmjQYD7xIJvaXGfagTTo3Z4UPV/SaVAczAF7gLfZMxRqY2mw8nVj7Vqr6UKihi8jRb/lDJiXthYmBv1Px45X1u5BKgm/GDX8jE8LNYvF9N0hGFQft0nkfmMFxqodfFIs/GYwNTD/eWR9VQiW3oePaLwYrLnZynmk8FV/PYiqdM7uUDfJh4O4u956DrDaSMgVOt6jOlJjWrLf1hU0tNV4N85HIvib3hZ6O5qscqwpJXxiO6Bm1T9YIk0Lt7eeJbe5D2a5xiX+NKiul3YvkjBZitKxh5D1AWr6cOxTQgMw8R51DT1r6QWdAvx2Y84iehkSm2AiM8Gb0918uYqEFOWGFlKIYhNKHp6tsSD7w+Xe30DWked8NhnRyBMSuoxwOZQ+qg2o81nMZ/jsLXIxa91T6qS47BJLrygvAmM2QGXbyEPLU7Kmk/4eny5NSf0Dnn5gxsXk4NO5GdXjysKTSKJkjZmx32C6sDEIwsOiibVDr+9oEdxo3J94Ov1IgfA3AmA==
X-Microsoft-Exchange-Diagnostics: 1; VI1PR01MB1840; 31:yfwatlK3dQB7OdSVtI0FjJjBFw/3siNvrP2MRhtQMwqLBpUNekPTxL/LjJbpJQzYTAOHbwk4Pwixxrs1o2ryhQd0o/HpvR94EhDHAgsPnTiJ1kciUqcXbhCnH6tAYEVvMsF+9eBn797h27xYWgAV+wPTBDD4SQ7soTGgefm5VWOM/Kn/w3+psvyUt+ZCe+IMmP4T7VNOREP7qEKnvlJUT9tcDIKjo/RArCs74sZ8cL9HY+3lZjqWSjjMoyRC2xD0H5h5lzi5we07W2G3EqHwVvA2lBhg1vEIjfNRUFy6UyG3OJtMRna0o9kYnrjpAHwOrGA6OVJwbraCr9y+gsf+E6H3K9g2JsoIcBsLtgFDTSA=
X-Microsoft-Antispam-PRVS: <VI1PR01MB18400A4D8C775D8C290DF8B1B14C0@VI1PR01MB1840.eurprd01.prod.exchangelabs.com>
X-Exchange-Antispam-Report-Test: UriScan:(158342451672863)(192374486261705)(100405760836317)(95692535739014)(21748063052155);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(102415395)(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6041248)(20161123558025)(20161123562025)(20161123564025)(20161123560025)(20161123555025)(6072148); SRVR:VI1PR01MB1840; BCL:0; PCL:0; RULEID:; SRVR:VI1PR01MB1840;
X-Microsoft-Exchange-Diagnostics: 1; VI1PR01MB1840; 4:563K1f6ZWhmOJpHKb6uFNRBctu0fZdKmcAwB58s30JMkzbjmhoraGKGu7zZb1X0xRQ/5P1zXXqvkQl0tPJoCOHPfdDkJoM1zFtTt3+wLdq3BosLdFYI8G6XHBcajc0ynCQcvuMzLprZcws7aALoeYhvhkbIiHGKM2l+zgLCkRSn+4sT5QLBv5En2bP4xt/Qxxwvyo3DEdd+6nrxBuo0PZds0UPluRORTsMEHHc7VaP8W2rhtw7Tnvj9s/6RzMLvYD/0+T0J/fGi/KT1s4v9GCy62LlBAZ6JzqG9TWuBATF9FuKDJd1I6EtQeiOmKNfpD5+y7JmGea5KiPmkS04VJGwrZFReqaWi3piib52esuRddIGfGYb6UwkBVx4KlTGDy92R9Xq6u+N9TxOvg0pNLnsz8nvm8CRydaPPxZJBaAl1LpsOtfZNSdapv75oajhlUDaS4/0qFx6bkBVNHukaaS81neGnphsPkWQ3Gq1TvntbdETOdTClQyCyFlguSFhzwK3glCqo9n5AKM9GjNH5ehvBAMHYrePaI8MraxUpbLK5ZUhRpK0/IAUjyvsmLL/Asfp7FLw0x3UcQ5l4uK9TAYVl9VZqnbYRXVcTvVTp7Flwxet3cfThaySozaECD2DcCyvb9Gux2/BJFACdbrA68Z7BAIoV51ZdfdieQaDcXcA3s+CPn/v3dQRiWq6LXVDFe80LQ+zTeAk6f8tn61vNRiQ4ri5nyGhLLGh1KAW3kZAFugbVdjXkOy+keFDP3U6NaD01og6dMeD9R3G50LSSSfutMBRSvOJpIOGGtjldZjE3PNLTCLlNlEkfasAuqFaHu
X-Forefront-PRVS: 02065A9E77
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(7916002)(39450400003)(377424004)(24454002)(199003)(377454003)(51914003)(189002)(1420700001)(81166006)(4620100001)(6496005)(81156014)(8666007)(9686003)(54896002)(25786008)(54906002)(33646002)(7736002)(63106013)(6306002)(7826002)(5890100001)(4810100001)(102836003)(6116002)(790700001)(3846002)(236005)(606005)(93886004)(21440400001)(61793004)(50226002)(1560700002)(68736007)(6486002)(44736005)(21480400002)(2950100002)(92566002)(53936002)(6666003)(2476003)(38730400001)(14726001)(66066001)(4610100001)(8676002)(4326007)(5660300001)(39060400001)(568964002)(512874002)(7416002)(189998001)(97736004)(36756003)(18717965001)(230783001)(84116002)(84326002)(567704001)(5001770100001)(96836002)(105586002)(76176999)(106356001)(71636004)(101416001)(7906003)(2906002)(50986999)(42186005)(61296003); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR01MB1840; H:Kallei7; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Received-SPF: None (protection.outlook.com: ingate.com does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;VI1PR01MB1840;23:kQKNTnNjsyHbPoLeQRAeLiY6gHQb8zXj9Gxukxo1DdqnF+Z0EnVqISl9oNhqHCXRXEzpHdjFEazxgYCW0qszd/dyPLsoh8GrrQdxpMd7Bmrc6/uwGODtGNqOys8bRFeYNZ1oYkdRfSgHJtv7sRIJV2SRhV0/hp6K+QYewp15mqbA8v/tGnH1vpbYB89za/alybKE9tWlwwH/tdn7kM6QSsBhCac25j/B4PiSwkkX4yf8+qf7QLx2Gu48ukb8WQnmPxsdZ/+kWr9M0Vdu1ET/QaaJ0QiauzdMp/8dxNuVJGFDimhjR6Hcmdc8OuMuPxvdiJ8oqiOnwrPHJuM9oN5fMc7HE8oFqbMNG/lxhz8OZ2h/MzIZ+dgGzo51wFxuwC40F/tb3dvyl50qZ1tTL0PIoGsm6UUjYUB5Y2Y9l/Jl3kDbplqaArrUqXEEapPtfsFd3D0CjKa7HZa8drLbTI0RUaD00FRLoS6JUAxCRwlh1W4kTpW2ZvDg4kr+XkUVATkAgmzDvY9TnARsqyHwPXDSyXgF5My4U79sJGGDMyEWDK5pDKU/GHPBLtGbxw2P4ZM4NVsAb+3kQ3J+hnGEXIPz1Ch1BiqdL9371Qv1eCB+o5xb0Mifg/LNnI5XRe1f3JAl3clVzcuapEZKAEntzSpcwd4CPISzeqtrlz04H0wog4zhSaRPOPypYQjG1xMtnrS4xixHTXXlxoTtEKVF2Rkgh6NFSIeNWheT4dD8IrdaKhIRFo/q9J1csYv4CVY1YjPKSap4HGSyyxWk+mAUFWpW3oFAQrRJbMlkAIyR8PUX7NousNeou/+wLDt9Hl+2E3tfbCEbNOO9chULUK2hIw/iP8BQ0MmJZfYKpEB2Hrjx8KUP56n1qd7R7e8kUEGy1zA/LZhzJCa36xNZiP39Z2bBicHljtOsCv5iHX8qTOfv9UjL2l+E46/KUSDVeFlKbvbh3X1J8PnyCyEOd1SvBIpiQ+7CCt4Wh07M9eHFwhXlmqb5g9kP3d/c3VjQ3xUMdKaYHnjAOs3TiatymaRjYaRdrtyAxza4bJsbA7DYcclxoGWsePdrCHTL4bx+1AeNAdolL2yu+EdSpLbf9dsqbMnQMaiU9LrxVCswik2Yh1x4tbBPVGA6GkQRFJYt4Zy3qHrCl8E8HppglXwlo68bzq/nfT/q5m2L//zyg0xXc5Fx8obtYXmwiuFql1Q227CV6ZZPIXuf0afXkAgf+9mIXn2oUSwtii2OvNH8VM73a+ZFtOf7D8Ds5NWiK10D6ZKCULaSmMlUCv1x24S5SSierNn1byawsvj2kOLcg/dukJLtO/z/H5DlqjSWzS/l7RZXBfPb4Tr5BK1HP25q8FooKEJRrbpOjAIcp/FHZ/5pnzHF5oITeSweK6AwtpGB5qBFPpxZn0Zmgy1nlkRJMr1zwdmZZe1n4QHHcQYj1D9vQCysDi10Vsg/v9swNx/hGIWuJJ4KJNaaxHKIaapzAKo2xXMteiOoSbEcsa6WLcNqpOwl/+edobLn1C7VDJZAb5QsusXtXKwiSSC3niX/ke0tdfA/1pJdVSnBM5hmQNIi3/NNrp3BLSYYcKw70G0gqUmJ1w6fpz1inl8oK8CqXKWkxE9INQ576EasShIu6hsT+Io8pKS713daBIiFUNHAd60VkMsmx11aRS2k6oPHVRxSWL1PCtIE71dlAlq1SWeT883fWsm7BvkCN+fxGhoGYhgJMZIwX+4HSKl3Ecr5+/1W1KqOiwZ67u/WlfAlu67Nw85RY3gk3PeM9JEug6SoTtdm244gOlC+TckH/g5A8MTSHORK2xiGjUK55G6BK60pMyO7/kU=
X-Microsoft-Exchange-Diagnostics: 1; VI1PR01MB1840; 6:lvQdWehgdsGFC8UBgxQHLcmRqw7MI6PoZjptUdJzMbqkCgQbVjH8KGcRemW8z13R4/dnbpvTKFAKfORevljkXHCtccAvBLNnhgFH0ojCXD87BxUusFvA1WgK8SSg9cmDjiLs04lv1ep7donpPlgg5pUKG8eZWNaQlRKfmSeFCIGCm9+8yRQpxugOfw4Z5ztL1eykS/OKfGjv+dZtGvDxXb2zzFgkmI/GzwqaC+Ey4J/4Hp4BrFqzldmGWcTOksiKx2brc0YxjIVPue8yxnnzXuMqIbKw692bZkjaxM9p9xpKtREoM51KQQ6rC0Gc3odWzMvohT6YCaz1NvfugGJaWrPSqJm8n9ADfEjrCtogL8gj2F7ajZXfY05FigsxPXQ2NpZrb6nn69hRKU7emR9hrQ==; 5:TlQYU8rYkvGUgoykWCPosAr8iuK/Zwe5DvcvZdvlvD5NES5k9FbF43q+TNKMHrK7OBydN35T0fyPxGDDV9ovqdEasZZkaq1hLq/lnjmC374cf0gb7g+5oJgam+TjDlTlVjo3q7bQt3XLuOezII+Urw==; 24:Msfr92T5znAHpaxp4xKxSMxieNEM4wyTcjiOPe1eIKzH7038r0+yvhZcMkAzQc8NivwlU+8SPpNAlAhF16O2/wioKVUfQAJR83Ttd6Vpwzs=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; VI1PR01MB1840; 7:FZOJcR+mYrTEBZND8Agv7uYHfaO+tRJh/CphTS4qcQ1Qljm1grvok4cRdf38OBB7nX6Gp7jMvZP1V2t1qtO8SByAg2KPRWXBqrv20uLRIKGEJ3nmU8ZaPJkRO5dTMtY3gEaxs6uTA/NF34eS3FrSuvrDfa9Kzp/p9mkQfdMj5kCUwZBwgbA6wnFAvsKyioe5XrJFR74isOkJ8e9jf3E5vc5Dzi19TlA3C1vh2wij5cI+2ZWjELinD7XHdR64KE782Pxc1J63BZOrSkIa8YLBMF+ElOARfKSwz0WkraCYRH+jgiOsL1e8kwX6ilf3xLLnCP4ZxT9r+QtBZn4oXw228xZ2ATG6zNaJAAyx7KoCs2SlrJ2SmyiVCYdJueYCinepM92PEMpjwlUd1dA2VSXB4Fw/6pFwUwVkq9crxkM9UnLnLEame/7yoesg9aJV/FRLoobknIgtuzQ+NBLKTGqF9rTIZKWM9tWHs0m4gbbj6Arz2OEkrAjSXDj0zuuldxjktPKdZU4kRODz9FEMJgZHew==
X-OriginatorOrg: ingate.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Feb 2017 23:23:47.9159 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR01MB1840
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/zmac5KIyI77E4B_JswnBwDqCtrM>
Cc: tram@ietf.org, "'Tirumaleswar Reddy (tireddy)'" <tireddy@cisco.com>
Subject: [tram] Chime in on attched redlined version-12 WAS: I-D Action: draft-ietf-tram-turn-server-discovery-12.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2017 23:24:05 -0000

The -12 version of the draft does not include major remedies of flaws that were un-addressed long before the DISCUSS, nor the latest regarding the possible use of (D)TLS for auto discovered turn servers provided the local or access network administrator, see

https://www.ietf.org/mail-archive/web/tram/current/msg02216.html 

 

For the latest discussed, see

 

https://www.ietf.org/mail-archive/web/tram/current/msg02279.html 

>> However, I think we need agreement on the justification for such a

> change.

> [Karl] Justification is in the (A), (B), (C) and (D) of

>  <https://www.ietf.org/mail-archive/web/tram/current/msg02254.html> https://www.ietf.org/mail-archive/web/tram/current/msg02254.html

> where saying Binding instead Allocate, is necessary to achieve (A) and (B), and improves (C) and (D).

 

Brandon> It is true that you have provided a justification for the change.

 

https://www.ietf.org/mail-archive/web/tram/current/msg02296.html 

The (D)TLS mandating was Author's idea to throw into version -10 during the discuss and remains in this version -11, breaking the consensus text since version -7.

 

https://www.ietf.org/mail-archive/web/tram/current/msg02297.html

STUN dummy authentication instead of (D)TLS as suggested by Oleg Moskalenko

 

 

I have inserted my (now edited and adopted to the latest) redlining, removal of blue options etc. into the -12 draft text as attached, for the author to copy from and paste.

 

Without my red lining, current version -12 is in conflict with RFC7478 (Web Real-Time Communication Use Cases and Requirements)  and does not meet the need of [I-D.ietf-rtcweb-return] (Recursively Encapsulated TURN) (see under redlined 7.2)

and it does not do what was set out in the Charter and “Milestone 3: TURN server auto-discovery mechanism for enterprise and ISPs”

 

Further, the authors have in version -12 (compared to from before DISCUSS)  changed the text “  6.  Discovery using Anycast “ to:

 <https://tools.ietf.org/rfcdiff?url1=draft-ietf-tram-turn-server-discovery-09.txt&url2=draft-ietf-tram-turn-server-discovery-12.txt> https://tools.ietf.org/rfcdiff?url1=draft-ietf-tram-turn-server-discovery-09.txt&url2=draft-ietf-tram-turn-server-discovery-12.txt

“IP anycast can also be used for TURN service discovery.  A packet

   sent to an anycast address is delivered to the "topologically

   nearest" network interface with the anycast address.  Using the TURN

   anycast address, the only two things that need to be deployed in the

   network for discovery are the two things that actually use TURN.

 

   When a client requires TURN services, it sends a TURN allocate

   request to the assigned anycast address.  A TURN anycast server

   performs checks 1 to 7 discussed in Section 6.2 of [RFC5766].  If all

   checks pass, the TURN anycast server MUST respond with a 300 (Try

   Alternate) error as described in Section 2.9 of [RFC5766]; The

   response contains the TURN unicast address in the ALTERNATE-SERVER

   attribute.  For subsequent communication with the TURN server, the

   client uses the responding server's unicast address.  This has to be

   done because two packets addressed to an anycast address may reach

   two different anycast servers.  The client, thus, also needs to

   ensure that the initial request fits in a single packet.  An

   implementation may choose to send out every new TURN Allocation

   request to the anycast address to discover the closest and the most

   optimal unicast address for the TURN server.”

 

The highlighted “A TURN anycast server”  is nothing known nor described (in fact there would have to be TWO TURN servers, one deployed at the anycast address and another TURN server deployed at the unicast address, reacting differently to the Allocation request) for this to work as clarified in WG discussions with Simon). 

 

The last sentence “An  implementation may choose to send out every new TURN Allocation request to the anycast address to discover the closest and the most optimal unicast address for the TURN server.” violates security and deployment considerations (see red lined considerations in attached).

 

Further, the authors have in version -12 (compared to from before DISCUSS)  changed the text “7.2.  Recursively Encapsulated TURN “ to:

 <https://tools.ietf.org/rfcdiff?url1=draft-ietf-tram-turn-server-discovery-09.txt&url2=draft-ietf-tram-turn-server-discovery-12.txt> https://tools.ietf.org/rfcdiff?url1=draft-ietf-tram-turn-server-discovery-09.txt&url2=draft-ietf-tram-turn-server-discovery-12.txt

“WebRTC endpoints SHOULD treat any TURN server discovered through the

   mechanisms described in this specification as an enterprise/gateway

   or access network server, in accordance with Recursively Encapsulated

   TURN [I-D.ietf-rtcweb-return].”

 

The text is a contradiction, since the return draft deals with TURN servers provided by the local or access network, not other TURN servers discovered by this draft.

 

Current -12 draft cannot be considered to be an RFC!

 

I suggest the redline version of draft -12 attached is chimed into now and quickly merged into a version -13, so we can avoid the "Conflict Resolution and Appeals" process hinted about in

https://www.ietf.org/mail-archive/web/tram/current/msg02202.html, further delaying what is needed for Internet real-time communication and especially for WebRTC.

 

/Karl 

 

Från: tram [ <mailto:tram-bounces@ietf.org> mailto:tram-bounces@ietf.org] För Spencer Dawkins at IETF
Skickat: den 1 februari 2017 22:12
Till: Simon Perreault
Kopia:  <mailto:tram@ietf.org> tram@ietf.org; Tirumaleswar Reddy (tireddy)
Ämne: Re: [tram] I-D Action: draft-ietf-tram-turn-server-discovery-12.txt

 

Hi, Simon,

 

On Thu, Feb 2, 2017 at 6:00 AM, Simon Perreault < <mailto:sperreault@jive.com> sperreault@jive.com> wrote:

Le 2017-02-01 à 15:37, Spencer Dawkins at IETF a écrit :
> Dear TRAMsters,
>
> On Fri, Jan 13, 2017 at 12:59 PM, Tirumaleswar Reddy (tireddy)
> < <mailto:tireddy@cisco.com> tireddy@cisco.com <mailto: <mailto:tireddy@cisco.com> tireddy@cisco.com>> wrote:
>
>     This revision addresses comments from Brandon.
>
>     -Tiru
>
>
> How close are we to asking Terry to clear the (last remaining) DISCUSS?

Thanks for the reminder.

If my co-chair and the authors have no objection, I think we're ready.

 

I'll give this 24 hours for people to chime in, but I do want to ping Terry. 

 

It's a little-appreciated thing, but AD ballot positions go away when ADs go away; this document has 12 yes/no objections now, and you need 10 for approval, and three are from ADs who are stepping down in March ;-)

 

Spencer

v2.23.0 | Report a Bug | By Email