Re: [rtcweb] Please require user consent for data channels
Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Sat, 18 July 2015 08:37 UTC
Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B45AF1AD277 for <rtcweb@ietfa.amsl.com>; Sat, 18 Jul 2015 01:37:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_24=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XQtKXY9Vwjjg for <rtcweb@ietfa.amsl.com>; Sat, 18 Jul 2015 01:37:06 -0700 (PDT)
Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 226E81AD272 for <rtcweb@ietf.org>; Sat, 18 Jul 2015 01:37:06 -0700 (PDT)
Received: by wgbcc4 with SMTP id cc4so3846027wgb.3 for <rtcweb@ietf.org>; Sat, 18 Jul 2015 01:37:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type; bh=vdfpCWDKB34C8qI9sPfm+WSmMUhvnnY3MAz78qToXf4=; b=CSSz/ksMYBzz7J9/zeOFIBSZLzW+mHB/VY4ZmovfG4x7M0FHHWlcm6lt3SMFedSH7t PJx+omZgqVFFZMrI59Lon3fPYmG5rQcMikJHggEy9AAdZZDqlB4GwWiJWsfIBpZBAPj0 Cm7Rdfh7NxmnLYDHCVn9fzz0ZWU000OXfQqmWf++vwGloZ0X0m817kLnWMd3PKTa3yCp c7dztPua7zqu0wqlbtcAX1IQKIJzvLH9Na/A1jo33rWijcKe0dBYB9wXxTtc90H01pWY x/u4qnu+fA3ixkA0U9gNp1fzCSZlMheOf0N+0RBiN5dZ1ZOXWqj+GUqMrlcDgMSr8Diw 2Dmw==
X-Received: by 10.194.185.180 with SMTP id fd20mr35239381wjc.16.1437208624902; Sat, 18 Jul 2015 01:37:04 -0700 (PDT)
Received: from [192.168.0.193] ([95.61.111.78]) by smtp.googlemail.com with ESMTPSA id ft5sm1541047wib.4.2015.07.18.01.37.02 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 18 Jul 2015 01:37:03 -0700 (PDT)
To: Justin Uberti <juberti@google.com>
References: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com> <CAOJ7v-0UBGtP0-atxP7X4OTj-H6Lost5o42aAS65mA6CEqcQsw@mail.gmail.com> <CA+65OsrhXHK+cRAFLCZFt+34vr8eRhj+CN3DgznUBfSwmWYggw@mail.gmail.com> <CAOJ7v-24VCW6kkn7LOLkqZzhYEU0r=nmd_F7Zns1rnyqKN6xAg@mail.gmail.com> <55A95364.2070806@gmail.com> <CAOJ7v-3t9BQabR2e4EHs4G0Sec4sU9DFC2aiSXXYrat+an+RYg@mail.gmail.com> <55A96DA3.1040907@gmail.com> <CAOJ7v-1ui7349NzK6NZNRHPbnHWZajctk4cDgMKqRZSv47EYdA@mail.gmail.com> <55A9860D.8030903@gmail.com> <CAOJ7v-3LGd32rnpFVW_U0s3+iVaJXsL4vt_YAo=cyp6YyOArdw@mail.gmail.com> <55A99148.1040105@gmail.com> <CAOJ7v-1cB47793yH+-mWrdU9rNqX=+HadZpbRf3PezXspqLm1A@mail.gmail.com>
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Message-ID: <55AA1039.7070403@gmail.com>
Date: Sat, 18 Jul 2015 10:37:13 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <CAOJ7v-1cB47793yH+-mWrdU9rNqX=+HadZpbRf3PezXspqLm1A@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------090907020106050703060103"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/4ehGYhsEvp0e4VuILwTyHkjyCGA>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Please require user consent for data channels
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jul 2015 08:37:07 -0000
On 18/07/2015 2:19, Justin Uberti wrote: > > On Fri, Jul 17, 2015 at 4:35 PM, Sergio Garcia Murillo > <sergio.garcia.murillo@gmail.com > <mailto:sergio.garcia.murillo@gmail.com>> wrote: > > On 18/07/2015 1:09, Justin Uberti wrote: > > Agree, for each HOST candidate, it should send a STUN request to > the turn server from that IP:port. But shouldn't the VPN > configuration prevent the non-VPN-host-candidate STUN request to > be sent via the non-VPN-interface? (i.e. applying default route > based on dest?) > > > Replying to Sergio: > > Typically with a VPN, the non-VPN interface is locked down so it only > has a single route: to the VPN server. However, split tunnel VPNs > allow the non-VPN interface to route to other addresses (possibly, for > performance reasons), so in this case, the non-VPN-host-candidate STUN > request will be sent successfully from the non-VPN interface. > > Sometimes this will be desirable: imagine someone working from home > who wants to connect to their corp VPN, but wants to have their video > conferencing traffic not go through the VPN. Sometimes this will not > be desirable, i.e. when the VPN is being used for privacy. This makes > picking a perfect default setting difficult, although we have some > ideas that we are exploring. Agree, but IMHO in the case of case of split tunnels, shouldn't that issue be solved better if the VPN is configured with the only the routes to the corporate system via the VPN and leave the default route for the non-VPN-interface for all the other traffic? You know that I am all for fixing connectivity issues in corp networks (my business depends on that!) but in this case I think the privacy of non-WebRTC users that has a VPN configured correctly should be more important than solving the issues of someone willing to do WebRTC but not doing enough to make it work. Could you share the ideas in the list? As Firefox and Edge might have the same behavior (and issues) I think it could be interesting if we can get to a good common solution and add it to the security draft (if you have not done it already ;) Best regards Sergio
- [rtcweb] Please require user consent for data cha… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Lorenzo Miniero
- Re: [rtcweb] Please require user consent for data… Michael Tuexen
- Re: [rtcweb] Please require user consent for data… tim panton
- Re: [rtcweb] Please require user consent for data… Bernard Aboba
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Timothy B. Terriberry
- Re: [rtcweb] Please require user consent for data… Victor Pascual Avila
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Eric Rescorla
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Stephen Farrell
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tirumaleswar Reddy (tireddy)
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Jonathan Lennox
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Randell Jesup
- Re: [rtcweb] Please require user consent for data… Roman Shpount