Questions on TURN server in WebRTC
I have read RFC 5766, which explains the TURN protocol in detail. However, I have some basic questions that I could not figure out after downloading and installing the open-source TURN server COTURN.
What is the client of the TURN server? Is it the browser that first initiates the WebRTC call? The TURN server creates an allocation for the client, targeting specific peers. Now in WebRTC we talk about peer-to-peer communication, whereas the RFC talks about client-server-peer communication. All requests/responses between the client and the server are TURN-driven, while those between the peer and the TURN server are just UDP data messages relayed to/from the client.
My second question is more specific to COTURN. What is the "value" field in the "turn_secret" table, and where/when is it used? Does the "credential" attribute of the iceservers correspond to the hmackey in the turnusers_lt table, via an HMAC over (credentials, realm and username)? Where does the "value" field of the "turn_secret" table come in?
tl;dr: The TURN secret is used to limit the damage from leaked TURN credentials; it is part of TURN authentication using the REST API (doc).
From the coturn docs:
In WebRTC, the browser obtains the TURN connection information from the web server. This information is a secure information - because it contains the necessary TURN credentials. As these credentials are transmitted over the public networks, we have a potential security problem.
If we have to transmit a valuable information over the public network, then this information has to have a limited lifetime. Then the guy who obtains this information without permission will be able to perform only limited damage.
This is how the idea of time-limited TURN credentials appeared. This security mechanism is based upon the long-term credentials mechanism. The main idea is that the web server provides the credentials to the client, but those credentials can be used only limited time by an application that has to create a TURN server connection.
You can look at this answer for an example of TURN secret usage.
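To make the two credential mechanisms the question mixes up concrete, here is an added example (not code from the answer above or from the coturn project) of what the web server does with the turn_secret "value" under the REST API scheme, and of the separate long-term key that lives in turnusers_lt. The REST API scheme (coturn's --use-auth-secret / static-auth-secret) derives username = "<expiry>:<label>" and credential = base64(HMAC-SHA1(secret, username)); the long-term hmackey follows RFC 5389, key = MD5("username:realm:password"). The secret, user label, realm and password below are constructed placeholders, and the verify function is a model of the server-side check, not coturn's own code.

```python
import base64
import hashlib
import hmac
import time

# Constructed placeholder: in production this is the "value" stored in
# coturn's turn_secret table (or static-auth-secret in turnserver.conf).
SHARED_SECRET = "constructed-example-secret-change-me"


def make_turn_credentials(user_label, secret, ttl_seconds=3600, now=None):
    """Time-limited credentials handed to the browser by the web server.

    username   = "<expiry unix timestamp>:<user label>"
    credential = base64(HMAC-SHA1(secret, username))
    The label is free-form (session id, user id); it is not a coturn account.
    """
    now = int(time.time()) if now is None else int(now)
    expiry = now + ttl_seconds
    username = f"{expiry}:{user_label}"
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return {"username": username, "credential": base64.b64encode(mac).decode()}


def verify_turn_credentials(username, credential, secret, now=None):
    """Model of the check the TURN server performs on an incoming request:
    recompute the HMAC from the shared secret and reject expired, malformed
    or tampered usernames. Returns (ok, reason)."""
    now = int(time.time()) if now is None else int(now)
    expiry_str, sep, _label = username.partition(":")
    if not sep or not expiry_str.isdigit():
        return False, "malformed username"
    if int(expiry_str) <= now:
        return False, "expired"  # leaked credential is useless after its TTL
    expected = base64.b64encode(
        hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    ).decode()
    if not hmac.compare_digest(expected, credential):
        return False, "bad hmac"
    return True, "ok"


def long_term_hmackey(username, realm, password):
    """RFC 5389 long-term credential key, MD5("username:realm:password") as hex.
    This is the kind of value kept in the turnusers_lt hmackey column; it is
    unrelated to the REST API secret above."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()


def ice_server_entry(turn_uri, creds):
    """Shape the browser expects in RTCPeerConnection({"iceServers": [...]})."""
    return {"urls": turn_uri,
            "username": creds["username"],
            "credential": creds["credential"]}


if __name__ == "__main__":
    creds = make_turn_credentials("alice", SHARED_SECRET, ttl_seconds=600)
    print(ice_server_entry("turn:turn.example.com:3478", creds))
    print(verify_turn_credentials(creds["username"], creds["credential"], SHARED_SECRET))
    print(long_term_hmackey("alice", "example.com", "constructed-password"))
```

The practical consequence: with the REST API scheme the web server never stores per-user TURN passwords, only the shared secret, and a credential that leaks from a page or a log expires on its own; with turnusers_lt the hmackey is a static per-user secret that has to be rotated by hand.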