Recursively Encapsulated TURN (RETURN) for Connectivity and Privacy in WebRTC
draft-schwartz-rtcweb-return-01

The information below is for an old version of the document
Document Type Active Internet-Draft (individual)
Author Benjamin Schwartz 
Last updated 2014-08-22
Replaced by draft-ietf-rtcweb-return
Stream (None)
Intended RFC status (None)
Formats pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                        B. Schwartz
Internet-Draft                                                    Google
Intended status: Standards Track                         August 22, 2014
Expires: February 23, 2015

 Recursively Encapsulated TURN (RETURN) for Connectivity and Privacy in
                                 WebRTC
                    draft-schwartz-rtcweb-return-01

Abstract

   In the context of WebRTC, the concept of a local TURN proxy has been
   suggested, but not reviewed in detail.  WebRTC applications are
   already using TURN to enhance connectivity and privacy.  This
   document explains how local TURN proxies and WebRTC applications can
   work together.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 23, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Schwartz                Expires February 23, 2015               [Page 1]
Internet-Draft                   RETURN                      August 2014

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Connectivity  . . . . . . . . . . . . . . . . . . . . . .   3
     2.2.  Privacy . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Concepts  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Proxy . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.2.  Virtual interface . . . . . . . . . . . . . . . . . . . .   5
     3.3.  Proxy configuration leakiness . . . . . . . . . . . . . .   5
     3.4.  Sealed proxy rank . . . . . . . . . . . . . . . . . . . .   5
   4.  Requirements  . . . . . . . . . . . . . . . . . . . . . . . .   5
     4.1.  ICE candidates produced in the presence of a proxy  . . .   5
     4.2.  Leaky proxy configuration . . . . . . . . . . . . . . . .   6
     4.3.  Sealed proxy configuration  . . . . . . . . . . . . . . .   6
     4.4.  Proxy rank  . . . . . . . . . . . . . . . . . . . . . . .   6
     4.5.  Multiple physical interfaces  . . . . . . . . . . . . . .   6
     4.6.  Unspecified leakiness . . . . . . . . . . . . . . . . . .   7
     4.7.  Interaction with SOCKS5-UDP . . . . . . . . . . . . . . .   7
   5.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .   7
     5.1.  Firewalled enterprise network with a basic application  .   7
     5.2.  Conflicting proxies configured by Auto-Discovery and
           local           policy  . . . . . . . . . . . . . . . . .   8
   6.  Diagrams  . . . . . . . . . . . . . . . . . . . . . . . . . .   9
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  10
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  11
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     10.1.  Normative References . . . . . . . . . . . . . . . . . .  11
     10.2.  Informative References . . . . . . . . . . . . . . . . .  11
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   TURN [RFC5766] is a protocol for communication between a client and a
   TURN server, in order to route UDP traffic to and from one or more
   peers.  As noted in [RFC5766], the TURN relay server "typically sits
   in the public Internet".  In a WebRTC context, if a TURN server is to
   be used, it is typically provided by the application, either to
   provide connectivity between users whose NATs would otherwise prevent
   it, or to obscure the identity of the participants by concealing
   their IP addresses from one another.

   In many enterprises, direct UDP transmissions are not permitted
Show full document text