TRAM - TURN Revised and Modernized
IETF 94, Yokohama
Wednesday, November 4, 2015

Administrivia
=============

09:00 - Chairs' update
Duration: 10 min

Brandon Williams: Sent detailed review of STUNBIS, needs to be addressed. Not ready for last call.

Justin Uberti: STUNBIS also needs a mechanism for smaller MAC.

Working-group drafts
====================

09:10 - TURN Server Auto Discovery
draft-ietf-tram-turn-server-discovery-05
Presenter: Prashanth Patil
Duration: 10 minutes

Andy Hutton: Draft already talks about RTCWEB so should mention RETURN. Informative ref.

Justin: RETURN has normative ref to this. This could have an informative ref to RETURN.

(Consensus for informative ref to RETURN.)

Brandon: Needs more explicit text on validation of (D)TLS server certificates.

Prashanth: Ok we can do that.

(New revision needed.)

09:20 - An Origin Attribute for the STUN Protocol
draft-ietf-tram-stun-origin-06
Presenter: Alan Johnston
Duration: 15 minutes

Brandon: This provides motivation to lie, for example to get through a firewall. Third party auth's kid is more reliable. We might not have use cases for ORIGIN that we're all in agreement about the usefulness of.

Cullen Jennings: For lying to be useful to bypass a firewall, both client and server need to be modified. Third party auth is not practical, too complicated. This is useful by itself and as a building block.

Jonathan Lennox: What is the advantage of this over a Host header?

Cullen: They're exactly the same.

Justin: ORIGIN is not very useful, third party auth is sufficient, no implementer feedback available about usefulness of ORIGIN.

Cullen: WG adopted, went through WGLC, was sent to IESG. Now you're not sure if it is useful?

Brandon: The new limitations are what makes it less useful.

Jonathan: Would a Host header work for you?

Brandon: Not really.

Questions from chairs:
- Nobody thinks this is harmful.
- Some people think it is useful.
- Nobody has any ideas to make it more useful.

Hums:
- Who thinks this is useful: moderate hum (~5 people)
- Doesn't cover the use-cases anymore: light hum (~2 people)

Drafts with clear corresponding milestones
==========================================

(none)

Extracurricular work
====================

09:35 - Metadata discovery for third party authorized TURN session
draft-reddy-tram-token-metadata-01
Presenter: Brandon Williams
Duration: 15 minutes

Chris Wendt: This is orthogonal to OAuth and should remain so.

Justin Uberti: What is the envisioned use case? Is it third-party TURN server providers?

Read the draft: 4 people
Thinks this is useful: 1 person

Varun: Question is not whether this is useful, but whether we want this standardized. People will do this in various ways regardless.

09:50 - Ufrag Permissions for TURN
draft-williams-tram-ufrag-permission-00
Presenter: Brandon Williams
Duration: 15 minutes

Cullen Jennings: Original goal is to ensure TURN cannot be used to run a general-purpose server. This moves us away from that principle.

Brandon: We agree and we explicitly call it out in the security considerations section. It is a tradeoff.

Jonathan Lennox: Do you expect this to be useful for ICE TCP?

Brandon: That is an open issue.

Two people plus the authors have read the draft.
Next steps: discuss on the list.

10:05 - Peer-specific Redirection for TURN
draft-williams-peer-redirect-01
Presenter: Brandon Williams
Duration: 10 minutes

Ari Keranen: (Concerned about changes to ICE-bis that this draft requires.)

Jonathan Lennox: Is using the alternate server mandatory?

Brandon: I would expect it to be advisory.

10:15 - EOF