Re: TURN URL syntax confusion from Harald Alvestrand on 2013-01-24 (public-webrtc@w3.org from January 2013)

From: Harald Alvestrand <harald@alvestrand.no>
Date: Thu, 24 Jan 2013 10:04:15 +0100
To: "Suhas Nandakumar (snandaku)" <snandaku@cisco.com>
CC: Adam Roach <adam@nostrum.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>, "Gonzalo Salgueiro (gsalguei)" <gsalguei@cisco.com>, "marc@petit-huguenin.org" <marc@petit-huguenin.org>, "Paul Jones (paulej)" <paulej@cisco.com>
Message-ID: <5100F90F.4010101@alvestrand.no>

On 01/23/2013 06:29 PM, Suhas Nandakumar (snandaku) wrote:
> Hi Adam
>
>    The user part in the URI scheme was hugely debated due to its 
> security implications and was termed as "not-a-good" URI design to 
> include any credentials as part of the URI.
>
> Hence the user part was dropped from the initial proposals after 
> reviews from various standard groups - rtcweb, behave and so on.
>
> We as authors are in the process of taking the drafts 
> (draft-nandakumar-rtcweb-stun-uri-03, 
> draft-petithuguenin-behave-turn-uri-03) to the Last Call and would 
> like to hear if there any blockers in doing so.
The essential part is that the drafts are clear on where the 
authentication information needed by TURN is carried - either inside or 
outside the URI.

Are the Last Calls being targeted to BEHAVE, or are they treated as 
individual submissions and headed for an IETF-wide Last Call only?

>
>
> Thanks
> Suhas
>
> ------------------------------------------------------------------------
> *From:* Adam Roach [adam@nostrum.com]
> *Sent:* Tuesday, January 22, 2013 10:38 AM
> *To:* public-webrtc@w3.org
> *Subject:* TURN URL syntax confusion
>
> In discussing our implementation of STUN and TURN URIs, it became 
> apparent that there is a mismatch between what is currently proposed 
> in the IETF and what is given as an example in the most recent W3C 
> WebRTC editor's draft (as well as assumptions around what parameters 
> are needed for defining an ICE server configuration record).
>
> >From 
> http://tools.ietf.org/html/draft-petithuguenin-behave-turn-uri-03#appendix-A.4
>
>        <username> is not used in the URIs because it is not used to guide
>        the resolution mechanism.
>
> >From 
> http://dev.w3.org/2011/webrtc/editor/webrtc.html#rtcconfiguration-type
>
>> An example array of RTCIceServer objects is:
>>
>> |[ { url:"stun:stun.example.net" } , { 
>> url:"turn:user@turn.example.org", credential:"myPassword"} ]|
>>
>
> These need to be harmonized. I suspect we really need to define 
> RTCIceServer to contain an optional "user" parameter of type 
> DOMString, and give the example as:
>
> [ { url:"stun:stun.example.net" } , { url:"turn:turn.example.org", 
> user:"myUsername", credential:"myPassword"} ]
>
> /a

Received on Thursday, 24 January 2013 09:04:49 UTC