From mboxrd@z Thu Jan 1 00:00:00 1970
From: Toke Høiland-Jørgensen
To: Michael Ströder, galene@lists.galene.org
Subject: [Galene] Re: coturn config
Date: Thu, 07 Jan 2021 13:14:10 +0100
Message-ID: <87ft3dj65p.fsf@toke.dk>
In-Reply-To: <43734076-b64d-a4ad-bd44-2e3266aa8d07@stroeder.com>
List-Id: Galène videoconferencing server discussion list

Michael Ströder writes:

> On 1/1/21 11:55 PM, Juliusz Chroboczek wrote:
>>> ...And it turns out that I completely misunderstood how this is supposed
>>> to work: there's not supposed to be any communication between the WebRTC
>>> server and Coturn. Rather, there's a configured shared secret that the
>>> WebRTC server can use to generate as many ephemeral credentials as it
>>> wants.
>>
>> I just pushed an implementation.
>> [..]
>> In other words, I've kept the standard configuration syntax, just added
>> a non-standard value for "credentialType".
>>
>> Your turnserver.conf should look like this:
>>
>> use-auth-secret
>> static-auth-secret=secret
>> realm=trun.example.org
>>
>> I've done some testing, but I didn't test that it will properly rotate the
>> key — please let me know if it survives 24h.
>
> I'm already using this (with git revision d2f7010) since 2+ days. No
> issues so far.
>
> How to ensure that it survived key rotation?
> Does key rotation affect existing TURN sessions?
>
> Maybe some logging would be good.

+1 on the logging - in particular at startup. I messed up the JSON
syntax and didn't notice until the video started failing for some
people...

-Toke
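
Added example, not part of the thread and not Galène's code: the shared-secret scheme that coturn's use-auth-secret mode relies on, showing both the issuing side and the check the TURN side performs with nothing exchanged but static-auth-secret. The function names, the "galene" user label, the 24h lifetime and the clock value are assumptions made for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// mint is the WebRTC-server side (hypothetical helper): the username carries
// the expiry time, the password is base64(HMAC-SHA1(secret, username)).
func mint(secret, user string, now time.Time, ttl time.Duration) (string, string) {
	username := strconv.FormatInt(now.Add(ttl).Unix(), 10) + ":" + user
	return username, sign(secret, username)
}

func sign(secret, username string) string {
	mac := hmac.New(sha1.New, []byte(secret))
	mac.Write([]byte(username))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// check mirrors the TURN side: recompute from the same secret, then test expiry.
func check(secret, username, password string, now time.Time) error {
	if !hmac.Equal([]byte(sign(secret, username)), []byte(password)) {
		return errors.New("bad password: secrets differ or username altered")
	}
	ts := strings.SplitN(username, ":", 2)[0]
	exp, err := strconv.ParseInt(ts, 10, 64)
	if err != nil {
		return errors.New("username does not start with a timestamp")
	}
	if now.Unix() > exp {
		return errors.New("credential expired")
	}
	return nil
}

func main() {
	now := time.Unix(1610021650, 0) // constructed clock value
	u, p := mint("secret", "galene", now, 24*time.Hour)
	fmt.Println(u, p)
	fmt.Println(check("secret", u, p, now), check("secret", u, p, now.Add(25*time.Hour)))
}
```

Running a check like this once at startup against the configured secret, and logging the result, surfaces a mismatched or misconfigured secret before any client tries to relay media.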