IETF Logo Mail Archive

Re: [MMUSIC] [rtcweb] [tram] TURN permissions for private ips

Emil Ivov <emcho@jitsi.org> Fri, 07 August 2015 02:25 UTC

Return-Path: <emcho@sip-communicator.org>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 098651B4068 for <mmusic@ietfa.amsl.com>; Thu, 6 Aug 2015 19:25:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5slyNSWqkBzS for <mmusic@ietfa.amsl.com>; Thu, 6 Aug 2015 19:25:18 -0700 (PDT)
Received: from mail-ob0-f174.google.com (mail-ob0-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18B171B4063 for <mmusic@ietf.org>; Thu, 6 Aug 2015 19:25:17 -0700 (PDT)
Received: by obbop1 with SMTP id op1so69863035obb.2 for <mmusic@ietf.org>; Thu, 06 Aug 2015 19:25:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=bYdfo3I6vDImBvXmPvh2vGuDIbWwHwXpG6o3Aa7z7tU=; b=ft7jReETbEmk9N6HEFanqHTSnobhSpOi/q/oQfhjcDnrvgXRfZUUUJwXryenkv5HYB eIKT/6rehSHFxICrxjm30G8i1R3pafHbPQpSc3rxO2SeugiUTFpDgI4FE0lf4EZgCKru vN6kRCQAJRg0VEte9hvSkzY16dVmR8pSYCmxSHEMHp3sDHKVXJh7q2vz+h0RJKMZI/lV eep8+Rb93zivu6XMn31KsHFWniRor6YSvGiNFifKQFpcfao5OctODcV0OkRuHQyoxj3o BYCk0kuc3VGa4TzS6TIaEPKa7GVJvKOwCligl/yezTu6chU0+Iy/A1Ja6ykYdxGOmX4z cInA==
X-Gm-Message-State: ALoCoQm1E82KqB+8HoTpo8+NAfwNwI0cxmqJZsGRO29Vo7cS3iNUtERNR01gTZLhFuDbBOUCzjln
X-Received: by 10.60.157.41 with SMTP id wj9mr4412548oeb.72.1438914317360; Thu, 06 Aug 2015 19:25:17 -0700 (PDT)
Received: from mail-oi0-f45.google.com (mail-oi0-f45.google.com. [209.85.218.45]) by smtp.gmail.com with ESMTPSA id w8sm5156526oec.7.2015.08.06.19.25.16 for <mmusic@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 06 Aug 2015 19:25:17 -0700 (PDT)
Received: by oio137 with SMTP id 137so46433066oio.0 for <mmusic@ietf.org>; Thu, 06 Aug 2015 19:25:16 -0700 (PDT)
X-Received: by 10.202.77.144 with SMTP id a138mr4313768oib.32.1438914316644; Thu, 06 Aug 2015 19:25:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.83.167 with HTTP; Thu, 6 Aug 2015 19:24:57 -0700 (PDT)
In-Reply-To: <CAOJ7v-02F-4bM18p8JKap5PzjrsQROiXPd4xxXkCUJq9WQzW4w@mail.gmail.com>
References: <20150805130607.20844.70680.idtracker@ietfa.amsl.com> <CABcZeBMWVU9a1_e_47qddA04WhXG55QYzFA=dTrYgi+DuLQhKA@mail.gmail.com> <55C24293.5000603@cs.tcd.ie> <55C24C09.8020404@goodadvice.pages.de> <55C256C8.80606@jive.com> <CAOJ7v-3hyFhHiFq4eujLznXtehkUSxZati8YZ23o-RPLH=J5zg@mail.gmail.com> <F144FF61-AAC6-4E0A-B08E-0E3F9B487F1B@vidyo.com> <CAOJ7v-0Z4fmWjVaeiAJh=rpYPjUsk_k8_=g8CrecAZQWtRG1AQ@mail.gmail.com> <CABkgnnXubczrXpR+YHeF1+zNrNoPNMH_XdB1+pCAGZ9LQn0UXw@mail.gmail.com> <CAOJ7v-2PaLr8XLdVxfPY=YYzeQuoj49qypUTUr=wdbmSiMZO7A@mail.gmail.com> <CAPvvaaK9xxxfmVOjE_UtX_Z6RzLe3RjR-Q=55F_Mp-9X1Li0Sg@mail.gmail.com> <CAOJ7v-02F-4bM18p8JKap5PzjrsQROiXPd4xxXkCUJq9WQzW4w@mail.gmail.com>
From: Emil Ivov <emcho@jitsi.org>
Date: Thu, 06 Aug 2015 19:24:57 -0700
Message-ID: <CAPvvaaJBcONiXY=Wp60nxTD=ZFiOJ162ocuqDAj9=fQ8YKdqOA@mail.gmail.com>
To: Justin Uberti <juberti@google.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/-X7zgI5ZBfT8AvKgnsnblwOXbgA>
Cc: Jonathan Lennox <jonathan@vidyo.com>, mmusic <mmusic@ietf.org>, "tram@ietf.org" <tram@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [MMUSIC] [rtcweb] [tram] TURN permissions for private ips
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Aug 2015 02:25:20 -0000

On Thu, Aug 6, 2015 at 5:46 PM, Justin Uberti <juberti@google.com> wrote:
>
>
> On Thu, Aug 6, 2015 at 5:11 PM, Emil Ivov <emcho@jitsi.org> wrote:
>>
>> On Thu, Aug 6, 2015 at 5:01 PM, Justin Uberti <juberti@google.com> wrote:
>> >
>> >
>> > On Thu, Aug 6, 2015 at 1:51 PM, Martin Thomson
>> > <martin.thomson@gmail.com>
>> > wrote:
>> >>
>> >> On 6 August 2015 at 13:08, Justin Uberti <juberti@google.com> wrote:
>> >> > I think that we should be able to avoid pairing candidates obtained
>> >> > from
>> >> > application TURN servers with RFC 1918 addresses. The app/browser
>> >> > clearly
>> >> > knows which is which.
>> >>
>> >> I'm concerned here that if we let the application choose, we lose the
>> >> defence we were looking to gain.  I think that perhaps 1918 pairing
>> >> could be restricted to TURN servers that are configured/discovered,
>> >> "proxy"-style.
>> >
>> >
>> > Sorry, that is what I was trying to say. The browser knows which turn
>> > servers are "proxies" vs app servers, and can apply the 1918 filtering
>> > on
>> > the pairings from the candidates from the app TURN server.
>>
>> I don't think Jonathan's concerns only apply to proxies though. You
>> can just as well have apps developed for specific networks and there
>> is no reason to prevent those from working.
>>
>> > Agree with your enumeration of concerns as well. Also #5, they consume
>> > bandwidth (at least from client to TURN server), which affects maximum
>> > check
>> > rate in some cases.
>>
>> Why can't we address this by TURN servers simply refusing to create
>> permissions for candidates they know they won't be able to reach?
>
>
> That is one potential solution, which would solve #1/#4/#5.

So, let's say that Alice calls Bob using SuperApp.

Alice sends her 10.0.0.1 address to SuperApp's server, which then
sends it to Bob.

So Bob and SuperApp now know about Alice's 10.0.0.1 but there's no way
around this. Bob, could be in the same network as Alice so it has to
try her private address.

Next, Bob installs 10.0.0.1 on the TURN server provided by SuperApp,
which also now learns about 10.0.0.1. As long as that server is hosted
by the same people as SuperApp (which we can probably consider as the
common case) then we haven't leaked anything.

If the TURN server is hosted by a third party (SuperTURN) then
SuperTURN do get to learn a little bit of extra information, namely
that Alice's public address has a private network in the 10.0.0.0
range behind it and that 10.0.0.1 is being used by someone.

That's all though.

SuperTURN should have no other information regarding Alice and what
little it just learned was not hard to guess any way.

So I am not sure exactly what we are trying to solve here.

Emil


-- 
https://jitsi.org

v2.23.0 | Report a Bug | By Email