TURN Revised and Modernized
|TURN Revised and Modernized WG (tram)
|TURN Revised and Modernized
|Charter edit AD
|Send notices to
Traversal Using Relays around NAT (TURN) was published as RFC 5766 in
April 2010. For a few years, the protocol had seen rather limited
deployment. This is largely because its primary use case is as one
of the NAT traversal methods of the Interactive Connectivity
Establishment (ICE) framework (RFC 5245), and ICE itself was slow
to achieve widespread adoption, as other mechanisms were already
being used by the VoIP industry. This situation has changed
drastically as ICE, and consequently TURN, are mandatory to implement
in WebRTC, a set of technologies developed at the IETF and W3C to
standardize Real Time Communication on the Web.
Together with the arrival of WebRTC, there is a renewed interest in
TURN and ICE, as evidenced by recent work updating the ICE framework
(still in progress), and standardizing the URIs used to access a STUN
(RFC 7064) or TURN (RFC 7065) server.
The goal of the TRAM Working Group is to consolidate the various
initiatives to update TURN and STUN to make them more suitable for
NAT traversal in a variety of environments, whether for realtime
media establishment protocols such as the Offer-Answer Session
Description Protocol (RFC 3264), XMPP (XEP-0176), RTSP
(draft-ietf-mmusic-rtsp-nat), and RTCWeb (draft-ietf-rtcweb-jsep),
or for non-realtime protocols such as HIP (RFC 5770) and RELOAD
(RFC 6940). The work will include authentication mechanisms,
a path MTU discovery mechanism, an IP address mobility solution for
TURN, and extensions to TURN and STUN. The Working Group will closely
coordinate with the appropriate Working Groups, including ICE, RTCWEB,
MMUSIC, and HTTPBIS.
In developing upgrades to TURN, the group will consider the passive
monitoring risks introduced by the centralization of call traffic
through a TURN server. When such risks arise, they will recommend
appropriate mitigations. For example, a mechanism for directing traffic
to a TURN server other than one configured by the application could be
used to direct calls through a TURN server configured to do monitoring.
When such a mechanism is used, it is important that the endpoints to the
call apply end-to-end encryption and authentication to ensure that they
are protected from the TURN server.