On 01/23/2013 06:29 PM, Suhas Nandakumar (snandaku) wrote:
> Hi Adam
>
> The user part in the URI scheme was hugely debated due to its
> security implications and was termed as "not-a-good" URI design to
> include any credentials as part of the URI.
>
> Hence the user part was dropped from the initial proposals after
> reviews from various standard groups - rtcweb, behave and so on.
>
> We as authors are in the process of taking the drafts
> (draft-nandakumar-rtcweb-stun-uri-03,
> draft-petithuguenin-behave-turn-uri-03) to the Last Call and would
> like to hear if there any blockers in doing so.
The essential part is that the drafts are clear on where the
authentication information needed by TURN is carried - either inside or
outside the URI.
Are the Last Calls being targeted to BEHAVE, or are they treated as
individual submissions and headed for an IETF-wide Last Call only?
>
>
> Thanks
> Suhas
>
> ------------------------------------------------------------------------
> *From:* Adam Roach [adam@nostrum.com]
> *Sent:* Tuesday, January 22, 2013 10:38 AM
> *To:* public-webrtc@w3.org
> *Subject:* TURN URL syntax confusion
>
> In discussing our implementation of STUN and TURN URIs, it became
> apparent that there is a mismatch between what is currently proposed
> in the IETF and what is given as an example in the most recent W3C
> WebRTC editor's draft (as well as assumptions around what parameters
> are needed for defining an ICE server configuration record).
>
> >From
> http://tools.ietf.org/html/draft-petithuguenin-behave-turn-uri-03#appendix-A.4
>
> <username> is not used in the URIs because it is not used to guide
> the resolution mechanism.
>
> >From
> http://dev.w3.org/2011/webrtc/editor/webrtc.html#rtcconfiguration-type
>
>> An example array of RTCIceServer objects is:
>>
>> |[ { url:"stun:stun.example.net" } , {
>> url:"turn:user@turn.example.org", credential:"myPassword"} ]|
>>
>
> These need to be harmonized. I suspect we really need to define
> RTCIceServer to contain an optional "user" parameter of type
> DOMString, and give the example as:
>
> [ { url:"stun:stun.example.net" } , { url:"turn:turn.example.org",
> user:"myUsername", credential:"myPassword"} ]
>
> /a