TURN Revised and Modernized

Document: Charter TURN Revised and Modernized WG (tram)
Title: TURN Revised and Modernized
Last updated: 2019-03-27
State: Approved
WG State: Active
IESG Responsible AD: Magnus Westerlund
Charter Edit AD: Magnus Westerlund
Send notices to: (None)


Traversal Using Relays around NAT (TURN) was published as RFC 5766 in 
April 2010. For a few years, the protocol had seen rather limited 
deployment. This is largely because its primary use case is as one 
of the NAT traversal methods of the Interactive Connectivity 
Establishment (ICE) framework (RFC 5245), and ICE itself was slow 
to achieve widespread adoption, as other mechanisms were already
being used by the VoIP industry. This situation has changed 
drastically as ICE, and consequently TURN, are mandatory to implement 
in WebRTC, a set of technologies developed at the IETF and W3C to 
standardize Real Time Communication on the Web.

Together with the arrival of WebRTC, there is a renewed interest in 
TURN and ICE, as evidenced by recent work updating the ICE framework 
(still in progress), and standardizing the URIs used to access a STUN 
(RFC 7064) or TURN (RFC 7065) server.

The goal of the TRAM Working Group is to consolidate the various 
initiatives to update TURN and STUN to make them more suitable for 
NAT traversal in a variety of environments, whether for realtime 
media establishment protocols such as the Offer-Answer Session 
Description Protocol (RFC 3264), XMPP (XEP-0176), RTSP
(draft-ietf-mmusic-rtsp-nat), and RTCWeb (draft-ietf-rtcweb-jsep), 
or for non-realtime protocols such as HIP (RFC 5770) and RELOAD 
(RFC 6940). The work will include authentication mechanisms,
a path MTU discovery mechanism, an IP address mobility solution for
TURN, and extensions to TURN and STUN. The Working Group will closely 
coordinate with the appropriate Working Groups, including ICE, RTCWEB, 

In developing upgrades to TURN, the group will consider the passive 
monitoring risks introduced by the centralization of call traffic 
through a TURN server. When such risks arise, the group will recommend 
appropriate mitigations. For example, a mechanism for directing traffic 
to a TURN server other than the one configured by the application could be 
used to direct calls through a TURN server configured to do monitoring. 
When such a mechanism is used, it is important that the endpoints of the 
call apply end-to-end encryption and authentication to ensure that they 
are protected from the TURN server.