IETF Logo Mail Archive

Re: [rtcweb] New proposal for IP address handling in WebRTC

Justin Uberti <juberti@google.com> Thu, 23 April 2015 00:15 UTC

Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8F671B2BF2 for <rtcweb@ietfa.amsl.com>; Wed, 22 Apr 2015 17:15:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.012
X-Spam-Level:
X-Spam-Status: No, score=0.012 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kXusKg53xIGf for <rtcweb@ietfa.amsl.com>; Wed, 22 Apr 2015 17:15:07 -0700 (PDT)
Received: from mail-ie0-x22d.google.com (mail-ie0-x22d.google.com [IPv6:2607:f8b0:4001:c03::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D53501B2BE8 for <rtcweb@ietf.org>; Wed, 22 Apr 2015 17:15:00 -0700 (PDT)
Received: by iejt8 with SMTP id t8so49980483iej.2 for <rtcweb@ietf.org>; Wed, 22 Apr 2015 17:14:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=3jZiIKDEVhj4tU9zkWk8c5aSpk8ZJdYMCn6PrWkuXJc=; b=VH8wnGD8oFYp3xxBzLqIIzSdoJwBPyxm9V+yfcc2JbF6pusrTdD4Qbw+8yqyXO8weH S4rNjP5mVU6CCL5axgP3+hdLuY5B62zXXA1Q3nXG9WfG1LNO3O7jaDvx0yDTZLoo9/fO +xrKeg7UrzmL2/LDU3I5hew8TqIqzvST58pdPWDzr8oEMdBANLM9/1wGINzYOVjB1ctk lHkNZs2omHCIYnyJL+iflElfwgz08Jlb+CPzsb9iTkOzZK1MqmF3pY4Gab1SX4eKyF1D CFmt7Q5WRF5ynowagVm3aHDa7H3VNsiScfqe7E0pGZgpa1sQGcUmRMShspj5f/7aRuxg 6K3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=3jZiIKDEVhj4tU9zkWk8c5aSpk8ZJdYMCn6PrWkuXJc=; b=KfLJ+zwd1Ak0BrVk86fj26DrjBJBYffmmy2ZKD1C9lSRJjKZDmB4ZqSm7wggubb4HA a4iu12TGMlvoYEWUavQOGsLgJ4Ex5k/PJCkZc8R8uJ93bXjLEz11TalD9yFbegge99DI 8py9yZYbWURjIN51DeO6914t09ly0N0DTQA4CteYlam9uiNykb6DFh+pvPEFUCb5Lxg3 DZNytzt9BFEerUW8vNyH1kU+MA+/+QI1d+Wf+eJwXw6khHtsg4IyTP2bqZu+E//U337o EA+prfZcwHfesSZms15WFGyyBMb9zFNrdU0+d0MMDuzUgGXDdj+1TYUq7E2iN/eJk2T0 afSw==
X-Gm-Message-State: ALoCoQnTZxbOyMBMhPiaZvwGjxYQ4MrvdPh+M6YmaF//5iWp+UFFW7kNMKneV6ulBjqetVyxPyDv
X-Received: by 10.107.150.198 with SMTP id y189mr196466iod.21.1429748099503; Wed, 22 Apr 2015 17:14:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.63.3 with HTTP; Wed, 22 Apr 2015 17:14:39 -0700 (PDT)
In-Reply-To: <55352067.6070007@nostrum.com>
References: <CAOJ7v-1BQ3cVBQy=DA0eKPkcQ0BP2Ga1t2nxi9uB_Yzs51GAvg@mail.gmail.com> <55352067.6070007@nostrum.com>
From: Justin Uberti <juberti@google.com>
Date: Wed, 22 Apr 2015 17:14:39 -0700
Message-ID: <CAOJ7v-3919WLP4rJPU4-510vAAvqep54aJPxULNQeTYZCrqHVg@mail.gmail.com>
To: Adam Roach <adam@nostrum.com>
Content-Type: multipart/alternative; boundary="001a1140ec389702260514592b8e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/69eS6OmrCymabNzG6FNoMCwSxBU>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] New proposal for IP address handling in WebRTC
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2015 00:15:09 -0000

On Mon, Apr 20, 2015 at 8:51 AM, Adam Roach <adam@nostrum.com> wrote:

> On 4/20/15 00:49, Justin Uberti wrote:
>
>> We now propose a new mechanism that attempts to address these issues. The
>> new mechanism works like the previous mechanism, but during the candidate
>> generation process, we call getsockname to obtain the local IP address of
>> the interface used to talk to the STUN/TURN server. This obtains a *single*
>> interface IP, which allows the browser to avoid trombone routing, but also
>> minimizes the amount of IP information revealed to JS. Furthermore, the
>> STUN traffic continues to go out the default route, meaning that if a VPN
>> is used, the 'real' public address is still not disclosed. (Naturally, this
>> has some performance implications, as a user may not always want their
>> media to go out the VPN.)
>>
>
> I think this is an incremental improvement on the previous proposal that
> is worth adding.
>
>
>  As this mechanism should alleviate the primary security concerns with
>> interface enumeration, with relatively small impact on user experience, we
>> propose that this be the default for browsers.
>>
>
> Okay, you had me until here.
>
> The idea about choosing the address that we would use to route to a TURN
> server makes some assumptions about network architectures that don't hold
> in the general case. For those users who are willing to accept increased
> latency (sometimes), decreased quality (sometimes), and reduced connection
> rates (sometimes) in exchange for obscuring certain aspects of their
> network configuration, that's probably okay. You're making things slightly
> worse, but for a real benefit. Well, a real benefit for those specific
> users.
>
> The problem is that, despite the noise and fury that's resulted from this
> issue, the number of users for whom it is a real concern is an
> infinitesimally small fraction of those people who will ever use a web
> browser. And I'm not okay with taking an across-the-board service
> degradation for all users based on something that the overwhelming majority
> of them won't care about.
>
> I'll repeat what I said at the mic in Dallas: for users looking for the
> level of obscurity that you're proposing to provide, WebRTC isn't the only
> concern with regards to modern web browser operation. To get this correct
> requires a vast amount of work, and it's not something that anyone is
> likely to get right by themselves, regardless of level of ability. You need
> a comprehensive approach, such as that described at <
> https://www.torproject.org/projects/torbrowser/design/>. To really get
> this correct, you usually need to have someone take care of the heavy
> lifting for you, which means running something like TorBrowser
>
> If we turn your proposed behavior on by default, we're doing the
> equivalent of putting a locked deadbolt on the bathroom window while
> leaving the front door unlocked, open, and made out of cardboard.
>
> So I'm all for including this ability as something that users can turn on,
> and I'd be happy to brainstorm ways to expose this to users in ways other
> than deep, dark prefs tweaking. But I think it would be a very detrimental
> overreaction to hobble WebRTC by default just to solve a problem for a tiny
> fraction of users.


I certainly understand this position. But I wonder if we are overestimating
the downside and underestimating the upside.

My sense is that any service degradation will be mainly limited to cases
where the user is using a VPN for work, and media ends up tunnelled where
it would otherwise go direct. But pretty much all the other cases result in
the same routing as in our current implementations. And even cases where
routing is suboptimal could perhaps be resolved by adding an explicit
permission request for full interface access.

Regarding upside, these issues are very complex and hard to explain even to
technical people unless they have a comms background. This leads to
widespread confusion and misleading pronouncements, which could become a
headwind for WebRTC adoption.

v2.23.0 | Report a Bug | By Email