From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113]) by mail.toke.dk (Postfix) with ESMTPS id EE0647C67BC for ; Thu, 7 Jan 2021 13:07:14 +0100 (CET) Authentication-Results: mail.toke.dk; dkim=pass (1536-bit key) header.d=stroeder.com header.i=@stroeder.com header.b=ArvIejMo DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=stroeder.com; s=stroeder-com-20201114; t=1610021228; bh=gNTWWvs4jtmXHPrabHJh642IYhv/jf5u9EABuH1yFQU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=ArvIejMo9qXy4u+3nayj3VhSk/nHl6535L7BSulNEX9kVXHUdl9x1/Rj3EJGEwHN5 2Eg9cD901xo1yyGCrHXhQvT5wAMSK57ZEejsAUYUEry1oBz35U4Cth5gbyYRg+2vsh oAApdCSpIHTCXebOAV7v4Gl0zsHJQf1ZegkTeWHKwCZaYULnvtte8LXyzs0/4lMihm FHrVQhvGSaV9GduPQXXKZtKXYwLltyrvu/n3gMUYdYF+Olm9wb3Nr3X3cAV To: galene@lists.galene.org References: <1082cfcde178ddb72b51bcd03ee6770a@kn1ght.org> <87zh1zt6ip.wl-jch@irif.fr> <87y2hjt5fx.wl-jch@irif.fr> <87y2hjxa64.fsf@toke.dk> <87r1nau8v0.wl-jch@irif.fr> <87sg7qyaj2.fsf@toke.dk> <87a6tx7olm.wl-jch@irif.fr> <8735zpya4m.fsf@toke.dk> <87r1n4uv0r.wl-jch@irif.fr> From: =?UTF-8?Q?Michael_Str=c3=b6der?= Message-ID: <43734076-b64d-a4ad-bd44-2e3266aa8d07@stroeder.com> Date: Thu, 7 Jan 2021 13:07:06 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: <87r1n4uv0r.wl-jch@irif.fr> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 3YQSOWT5T4PERJW4J3KXCUDDGEVM5YBP X-Message-ID-Hash: 3YQSOWT5T4PERJW4J3KXCUDDGEVM5YBP X-MailFrom: michael@stroeder.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.3.2 Precedence: list Subject: [Galene] Re: coturn config List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: On 1/1/21 11:55 PM, Juliusz Chroboczek wrote: >> ...And it turns out that I completely misunderstood how this is suppos= ed >> to work: there's not supposed to be any communication between the WebR= TC >> server and Coturn. Rather, there's a configured shared secret that the >> WebRTC server can use to generate as many ephemeral credentials as it >> wants. >=20 > I just pushed an implementation. > [..] > In other words, I've kept the standard configuration syntax, just added > a non-standard value for "credentialType". >=20 > Your turnserver.conf should look like this: >=20 > use-auth-secret > static-auth-secret=3Dsecret > realm=3Dtrun.example.org >=20 > I've done some testing, but I didn't test that it will properly rotate = the > key =E2=80=94 please let me know if it survives 24h. I'm already using this (with git revision d2f7010) since 2+ days. No issues so far. How to ensure that it survived key rotation? Does key rotation affect existing TURN sessions? Maybe some logging would be good. Ciao, Michael.