Security/Encryption and Firewall/NAT info

Post by habassa5 » Wed Dec 05, 2012 10:13 pm

Can you guys give us a detailed, holistic update on the iOS WebRTC:

* Security and Encryption architecture (Btw, I saw a reference somewhere to DTLS-SRTP)?
* Firewall/NAT traversal (including protocols, ports, etc)?

A detailed overview would be very helpful (the forums only offer a few tidbits), and a whitepaper all the better. Even if you haven't implemented everything, it would be great to comprehensively determine what is here now and what's on the roadmap.

Thanks a lot!

+Salim

Re: Security/Encryption and Firewall/NAT info

Post by don » Thu Dec 06, 2012 4:33 pm

Hi Salim,

With regards to the ports we're using in iOS for the WebRTC stack, we require the following:

OpenTok:
80
5560

WebRTC Media:
It's random and we don't currently plan on changing its behavior in its current form. It's recommended that UDP traffic is not blocked on your network and you should be in a good position.

STUN is used to determine the best port pairs between clients and negotiate UDP/TCP connections for media.

Security and Encryption:
SRTP is used in WebRTC, using 128-bit AES encryption.

The future:
Chrome 24 will introduce support for TURN which will allow us to tunnel UDP traffic for networks that block it and get around tricky NATs between two different clients.


If you have any more specific questions about WebRTC you can refer to: http://www.webrtc.org/reference/webrtc-internals

The WebRTC source is here: http://code.google.com/p/webrtc/source/browse

If you have any other specific questions regarding our platform, please contact bizdev@tokbox.com and we can assist you further!
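To see which ports and which SRTP keying a given WebRTC session actually uses (the two things asked about in this thread), the session description (SDP) can be audited directly. The following is an added example, not code from TokBox or from the posters; the SDP is constructed, and the names `parseCandidate`, `auditSdp` and `portsByType` are hypothetical.

```javascript
// Constructed sample SDP (RFC 5737 documentation addresses, placeholder key).
const SAMPLE_SDP = [
  'm=audio 54321 RTP/SAVPF 111',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER',
  'a=candidate:1 1 udp 2113937151 192.168.1.10 54321 typ host',
  'a=candidate:2 1 udp 1845501695 203.0.113.7 61002 typ srflx raddr 192.168.1.10 rport 54321',
  'a=candidate:3 1 tcp 1509957375 192.168.1.10 50123 typ host',
  'm=video 54323 RTP/SAVPF 100',
  'a=fingerprint:sha-256 AA:BB:CC:DD',
  'a=candidate:4 1 udp 41819903 198.51.100.20 3478 typ relay raddr 203.0.113.7 rport 61003',
].join('\r\n');

// a=candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type>
function parseCandidate(line) {
  const m = /^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line);
  if (!m) return null;
  const port = Number(m[6]);
  if (port < 1 || port > 65535) return null; // reject malformed ports
  return { transport: m[3].toLowerCase(), address: m[5], port, type: m[7] };
}
function auditSdp(sdp) {
  const report = { candidates: [], keying: new Set(), suites: new Set(), unencrypted: [] };
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith('m=')) {
      const [kind, , proto] = line.slice(2).split(' ');
      // The "S" in RTP/SAVP(F) means SRTP; RTP/AVP(F) is plain RTP.
      if (/^(audio|video)$/.test(kind) && !/SAVPF?$/.test(proto || '')) report.unencrypted.push(kind);
    } else if (line.startsWith('a=crypto:')) {
      report.keying.add('SDES'); // SRTP key carried inside the signalling channel
      report.suites.add(line.split(' ')[1]);
    } else if (line.startsWith('a=fingerprint:')) {
      report.keying.add('DTLS-SRTP'); // SRTP key negotiated on the media path
    } else {
      const c = parseCandidate(line);
      if (c) report.candidates.push(c);
    }
  }
  return report;
}
// Group ports by candidate type and transport: what a firewall rule has to cover.
function portsByType(report) {
  const out = {};
  for (const c of report.candidates) {
    const k = `${c.type}/${c.transport}`;
    (out[k] = out[k] || []).push(c.port);
  }
  return out;
}
console.log(portsByType(auditSdp(SAMPLE_SDP)), [...auditSdp(SAMPLE_SDP).keying]);
```

In a browser the same text is available from `RTCPeerConnection.localDescription.sdp`; `relay` candidates only appear when a TURN server is configured.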

Re: Security/Encryption and Firewall/NAT info

Post by habassa5 » Tue Dec 11, 2012 2:33 pm

Hi Don, thanks a lot, this was very helpful.

Re: Security/Encryption and Firewall/NAT info

Post by Miro » Sat Dec 29, 2012 10:34 am

don wrote: The future:
Chrome 24 will introduce support for TURN which will allow us to tunnel UDP traffic for networks that block it and get around tricky NATs between two different clients.


Hi Don,

(all following is regarding the WebRTC)

I'm trying it with Chrome Beta (24.0.1312.45), Chrome Dev (25.0.1364.5 dev) and even with the Chrome Canary (26.0.1373.0) and none of them seems to work behind the firewall (getting error message 1008).

They do work only when I open both TCP *AND* UDP ports 1024:65535, which, of course, defies the purpose of a firewall.

What is still not clear to me - are future Chrome versions (>=24) going to work through the firewall without opening ANY TCP/UDP ports?

I understand that each firewall has its own inner workings which I have to figure out, but a precise description of which ports, in which direction should be opened would greatly help me.

And there's another thing that puzzles me - I don't have to open any ports for demo https://opentokrtc.com to work, and it even works with the current Chrome (23.0.1271.101)...

Thank you,
Best regards,
Miro

Re: Security/Encryption and Firewall/NAT info

Post by song » Tue Jan 01, 2013 9:40 pm

Hi Miro,

Like Don said, future Chrome versions (>=24) WebRTC will probably introduce support for TURN, which basically means that we would have the control to channel the media streams through a specific port instead of a whole range of ports currently. This allows us to tell network administrators which port to open up to allow OpenTok Video streams.

OpenTokRTC.com could be working because it is connecting via HTTPS, which in some cases bypasses firewall limitations.

Song

Re: Security/Encryption and Firewall/NAT info

Post by Miro » Wed Jan 02, 2013 12:00 pm

Hi Song,

Thank you for your time and answer but if you read my question more thoroughly, I wrote that I have already tested it with all currently available "future" versions and none of them worked. That's what puzzles me... :)

And yes, it also occurred to me that the demo site works because of the HTTPS protocol but I still have to learn why ;)

Best regards,
Miro

Re: Security/Encryption and Firewall/NAT info

Post by habassa5 » Wed Feb 06, 2013 11:44 pm

Are STUN/TURN/ICE supported in iOS WebRTC clients?

Re: Security/Encryption and Firewall/NAT info

Post by habassa5 » Tue Mar 05, 2013 10:16 am

Are STUN/TURN/ICE supported in iOS WebRTC clients?

Re: Security/Encryption and Firewall/NAT info

Post by jtsai » Tue Mar 05, 2013 2:23 pm

No, they are not supported right now.

John

Re: Security/Encryption and Firewall/NAT info

Post by habassa5 » Sat Mar 09, 2013 1:49 am

Hi John, up above Don said STUN is supported in the iOS WebRTC client? Can you also share some info on your roadmap, particularly for TURN on iOS clients?

Re: Security/Encryption and Firewall/NAT info

Post by jtsai » Mon Mar 11, 2013 2:31 pm

STUN isn't supported on iOS yet. Don was referring to the web version. We don't have a roadmap for STUN and TURN on iOS yet. We're hoping within a few months.

John