Re: TURN URL syntax confusion from Gonzalo Salgueiro on 2013-01-24 (public-webrtc@w3.org from January 2013)

From: Gonzalo Salgueiro <gsalguei@cisco.com>
Date: Thu, 24 Jan 2013 10:23:14 -0500
To: Harald Alvestrand <harald@alvestrand.no>
Cc: Gonzalo Salgueiro <gsalguei@cisco.com>, "Suhas Nandakumar (snandaku)" <snandaku@cisco.com>, Adam Roach <adam@nostrum.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>, "marc@petit-huguenin.org" <marc@petit-huguenin.org>, "Paul Jones (paulej)" <paulej@cisco.com>
Message-Id: <B26CC41C-AF92-46E9-91B3-3AFDADB80E27@cisco.com>

Harald - 

On Jan 24, 2013, at 4:04 AM, Harald Alvestrand wrote:

> On 01/23/2013 06:29 PM, Suhas Nandakumar (snandaku) wrote:
>> Hi Adam
>> 
>>    The user part in the URI scheme was hugely debated due to its security implications and was termed as "not-a-good" URI design to include any credentials as part of the URI.
>> 
>> Hence the user part was dropped from the initial proposals after reviews from various standard groups - rtcweb, behave and so on.
>> 
>> We as authors are in the process of taking the drafts (draft-nandakumar-rtcweb-stun-uri-03, draft-petithuguenin-behave-turn-uri-03) to the Last Call and would like to hear if there any blockers in doing so.
> The essential part is that the drafts are clear on where the authentication information needed by TURN is carried - either inside or outside the URI.
> 
> Are the Last Calls being targeted to BEHAVE, or are they treated as individual submissions and headed for an IETF-wide Last Call only?

They are AD-sponsored individual submissions that will have the standard 4 week IETF-wide LC.  Feedback welcome.

Cheers,

Gonzalo

> 
>> 
>> 
>> Thanks
>> Suhas
>> 
>> From: Adam Roach [adam@nostrum.com]
>> Sent: Tuesday, January 22, 2013 10:38 AM
>> To: public-webrtc@w3.org
>> Subject: TURN URL syntax confusion
>> 
>> In discussing our implementation of STUN and TURN URIs, it became apparent that there is a mismatch between what is currently proposed in the IETF and what is given as an example in the most recent W3C WebRTC editor's draft (as well as assumptions around what parameters are needed for defining an ICE server configuration record).
>> 
>> >From http://tools.ietf.org/html/draft-petithuguenin-behave-turn-uri-03#appendix-A.4
>> 
>>       <username> is not used in the URIs because it is not used to guide
>>       the resolution mechanism.
>> 
>> 
>> >From http://dev.w3.org/2011/webrtc/editor/webrtc.html#rtcconfiguration-type
>> 
>>> An example array of RTCIceServer objects is:
>>> 
>>> [ { url:"stun:stun.example.net" } , { url:"turn:user@turn.example.org", credential:"myPassword"} ]
>>> 
>> 
>> These need to be harmonized. I suspect we really need to define RTCIceServer to contain an optional "user" parameter of type DOMString, and give the example as:
>> 
>> [ { url:"stun:stun.example.net" } , { url:"turn:turn.example.org", user:"myUsername", credential:"myPassword"} ]
>> 
>> /a
>

Received on Thursday, 24 January 2013 22:21:04 UTC