Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: iPhone/iPad/iPod and Facetime

From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Fri, 4 Mar 2011 18:59:56 -0600
This hasn't hit my radar - is Apple providing or referencing STUN/TURN services w/ Facetime?  Sorta like Skype does 
with supernodes...

And, if they are, is Facetime doing Skype-stlye peer to peer encryption, or would there be MITM/content sniffing issues 
with the TURN media routing nodes?

   -jml

PS - think about MITM also when considering Teredo and 6to4 transitions mechanisms for IPv6... 

-----Original Message-----
From: Julian Y. Koh
Sent: 2011-03-04 16:34:59
To: Julian Y. Koh;The EDUCAUSE Security Constituent Group Listserv
Cc: 
Subject: Re: [SECURITY] iPhone/iPad/iPod and Facetime


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 4:22 PM -0600 3/4/11, Mark Rogowski wrote:

I would like to hear what you are doing in terms of Apple i* products and
Facetime with your Firewall(s) and wireless networks.  We currently
subscribe to the "unhampered outbound but Firewalled inbound" rule.


FaceTime is built on some pretty standard protocols like SIP, STUN, RTP,
etc.  If you're having issues with providing FaceTime access, you're going
to have problems with any of those protocols.  So it's not really an
Apple/i*/FaceTime issue that you're dealing with - those are just the
products that are now being popularly used and thus exposing the issues
with the network design.

STUN/TURN/ICE should be able to deal with most firewall setups, whether
NAT/PAT is involved or not.

We don't have firewalls in front of most of our network, including our
wireless network, partly for this reason of avoiding problems with various
protocols.  Some firewalls can try to account for those protocols by
munging with traffic even more than they normally do, with varying levels
of success.



-----BEGIN PGP SIGNATURE-----
Version: 9.9.1.287

wj8DBQFNcWjbDlQHnMkeAWMRAliCAJ92U/mUPVxpkmj14sXRlTwVzeCV0QCggBqg
kw/Rd34JdUocx875sJaKtsE=
=5qqY
-----END PGP SIGNATURE-----

-- 
Julian Y. Koh                         <mailto:kohster () northwestern edu>
Manager, Network Transport                         <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
Previous By Date Next
Previous By Thread Next

Current thread: