Difference between revisions of "ReTurn ToDo List"

From reSIProcate
Jump to navigation Jump to search
Line 5: Line 5:
 
* move TLS server settings to configuration
 
* move TLS server settings to configuration
 
* cleanup stun message class so that there are accessors for all data members
 
* cleanup stun message class so that there are accessors for all data members
* Check for unknown attributes
 
 
* Timeout Channel Bindings - currently binding last until the allocation is destroyed
 
* Timeout Channel Bindings - currently binding last until the allocation is destroyed
 
* The server is supposed to prevent a relayed transport address and the 5-tuple from being reused in different allocations for 2 minutes after the allocation expires
 
* The server is supposed to prevent a relayed transport address and the 5-tuple from being reused in different allocations for 2 minutes after the allocation expires
* SASL Prep for unicode passwords (RFC4013)
 
 
* Configuration Framework
 
* Configuration Framework
 
* Multi-threaded support
 
* Multi-threaded support
 
* Bandwidth check
 
* Bandwidth check
 +
* TCP Relay
 +
* Short Term passwords do not make any sense in reTurnServer (outside of RFC3489 backcompat) - they need to be supported on client APIs
 +
 +
 +
===RFC53389 TODO's===
 +
*Username must contain UTF-8 sequence of bytes, and must have been processed by SASLprep
 +
*Realm qdtext or quoted-pair - It must UTF-8 encoded and MUST be less than 128 characters (which can be as long as 763 bytes), and must be processed by SASLprep
 +
*Nonce qdtext or quoted-pair - MUST be less than 128 characters (which can be as long as 763 bytes)
 +
*Software must be a UTF-8 sequence of less than 128 characters (which can be as long as 763 byes)
 +
*The Password used in the HMAC key must be SASLprep processed
 +
*remove quotes and trailing nulls from username, realm.  remove trailing nulls from password before forming MD5 hash for message integrity
 +
*Errorcode Reason Phrase must be a UTF-8 sequence of less than 128 characters (which can be as long as 763 byes)
 +
*need handling for 300 Try Alternate response - currently applications responsibility
 +
*the following values should be configurable
 +
**Initial RTO (default 500ms)
 +
**Rc (default 7)
 +
**Rm (default 16)
 +
*actual RTO should be calculated
 +
*UDP retransmissions should stop if a hard ICMP error is seen
 +
*need to do client side TLS certificate hostname checks after successful handshake
 +
*DNS SRV Discovery - currently only does host record lookup (using ASIO) - _stun._udp, _stun._tcp, _stuns._tcp, _turn._udp, _turn._tcp, _turns._tcp
  
  
 
===Client TODO===
 
===Client TODO===
 
* rework synchronous sockets to use Asynchrous sockets to unify implementation better
 
* rework synchronous sockets to use Asynchrous sockets to unify implementation better
** Note:  synchronous sockets currently do not support long term authentication
 
 
* retries should be paced at 500ms, 1000ms, 2000ms, etc. - after 442, 443, or 444 response - currently applications responsibility
 
* retries should be paced at 500ms, 1000ms, 2000ms, etc. - after 442, 443, or 444 response - currently applications responsibility
* DNS SRV Discovery - currently only does host record lookup (using ASIO)
 
* implement 300 Try-Alternate response - currently applications responsibility
 
* use of a calculated RTO for retransmissions
 
* TLS client- post connect/handshake server hostname validation
 
 
* keepalive usage??
 
* keepalive usage??
 
* add option to require message integrity - depends on usage - ICE
 
* add option to require message integrity - depends on usage - ICE

Revision as of 19:00, 23 November 2008

General TODO

  • reduce library use - remove BOOST and/or rutil requirement - remove ASIO for client??
  • allow multiple interfaces to be used for relay
  • per user allocation quota enforcement
  • move TLS server settings to configuration
  • cleanup stun message class so that there are accessors for all data members
  • Timeout Channel Bindings - currently binding last until the allocation is destroyed
  • The server is supposed to prevent a relayed transport address and the 5-tuple from being reused in different allocations for 2 minutes after the allocation expires
  • Configuration Framework
  • Multi-threaded support
  • Bandwidth check
  • TCP Relay
  • Short Term passwords do not make any sense in reTurnServer (outside of RFC3489 backcompat) - they need to be supported on client APIs


RFC53389 TODO's

  • Username must contain UTF-8 sequence of bytes, and must have been processed by SASLprep
  • Realm qdtext or quoted-pair - It must UTF-8 encoded and MUST be less than 128 characters (which can be as long as 763 bytes), and must be processed by SASLprep
  • Nonce qdtext or quoted-pair - MUST be less than 128 characters (which can be as long as 763 bytes)
  • Software must be a UTF-8 sequence of less than 128 characters (which can be as long as 763 byes)
  • The Password used in the HMAC key must be SASLprep processed
  • remove quotes and trailing nulls from username, realm. remove trailing nulls from password before forming MD5 hash for message integrity
  • Errorcode Reason Phrase must be a UTF-8 sequence of less than 128 characters (which can be as long as 763 byes)
  • need handling for 300 Try Alternate response - currently applications responsibility
  • the following values should be configurable
    • Initial RTO (default 500ms)
    • Rc (default 7)
    • Rm (default 16)
  • actual RTO should be calculated
  • UDP retransmissions should stop if a hard ICMP error is seen
  • need to do client side TLS certificate hostname checks after successful handshake
  • DNS SRV Discovery - currently only does host record lookup (using ASIO) - _stun._udp, _stun._tcp, _stuns._tcp, _turn._udp, _turn._tcp, _turns._tcp


Client TODO

  • rework synchronous sockets to use Asynchrous sockets to unify implementation better
  • retries should be paced at 500ms, 1000ms, 2000ms, etc. - after 442, 443, or 444 response - currently applications responsibility
  • keepalive usage??
  • add option to require message integrity - depends on usage - ICE