IETF Logo Mail Archive

[rtcweb] TURN permissions for private ips (was: Re: Stephen Farrell's Discuss on draft-ietf-rtcweb-stun-consent-freshness-15: (with DISCUSS and COMMENT))

Philipp Hancke <fippo@goodadvice.pages.de> Wed, 05 August 2015 17:47 UTC

Return-Path: <fippo@goodadvice.pages.de>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37D461A8919; Wed, 5 Aug 2015 10:47:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UCLo4TLjYZm6; Wed, 5 Aug 2015 10:47:00 -0700 (PDT)
Received: from lo.psyced.org (lost.in.psyced.org [188.40.42.221]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0483F1A88FE; Wed, 5 Aug 2015 10:46:59 -0700 (PDT)
Received: from [192.168.1.202] (71-94-211-114.static.knwc.wa.charter.com [71.94.211.114]) (authenticated bits=0) by lo.psyced.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id t75Hl6Nh022690 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 5 Aug 2015 19:47:08 +0200
Message-ID: <55C24C09.8020404@goodadvice.pages.de>
Date: Wed, 05 Aug 2015 10:46:49 -0700
From: Philipp Hancke <fippo@goodadvice.pages.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <20150805130607.20844.70680.idtracker@ietfa.amsl.com> <CABcZeBMWVU9a1_e_47qddA04WhXG55QYzFA=dTrYgi+DuLQhKA@mail.gmail.com> <55C24293.5000603@cs.tcd.ie>
In-Reply-To: <55C24293.5000603@cs.tcd.ie>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/1RRWcvfYkym0j70Fv1bb2MnZJDQ>
Cc: tram@ietf.org
Subject: [rtcweb] TURN permissions for private ips (was: Re: Stephen Farrell's Discuss on draft-ietf-rtcweb-stun-consent-freshness-15: (with DISCUSS and COMMENT))
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2015 17:47:05 -0000

Am 05.08.2015 um 10:06 schrieb Stephen Farrell:
[...]
> Part of my question
> then is why exposing that additional meta-data to a server
> that most users won't know exists, and that is likely
> controlled by some entity the user has no clue is even
> involved in their calls, is acceptable.

There is an issue with TURN here, but it's not related to the consent 
freshness draft.

If a peer sends candidates with IP addresses from the private space, 
permissions for those are created at the TURN server. Potentially not 
utilising transport encryption even.

I doubt those candidates ever work, so from a privacy point of view it 
seems that clients should not create those permissions in the first 
place. And ICE should probably not try to create pairs.

v2.23.0 | Report a Bug | By Email