Re: [rtcweb] WGLC for draft-ietf-rtcweb-ip-handling

Lennart Grahl <lennart.grahl@gmail.com> Fri, 20 April 2018 01:10 UTC

To: Justin Uberti <juberti@google.com>
Cc: RTCWeb IETF <rtcweb@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/9pACzI_t5q9BE-EHyOjNUYkkAIY>

On 20.04.2018 02:02, Justin Uberti wrote:
> On Thu, Apr 19, 2018 at 4:41 PM Lennart Grahl <lennart.grahl@gmail.com>
> wrote:
> 
>> On 20.04.2018 01:29, Justin Uberti wrote:
>>> On Thu, Apr 19, 2018 at 9:22 AM Nils Ohlmeier <nohlmeier@mozilla.com> wrote:
>>>
>>>> While I understand the arguments against adding more modes, I still think
>>>> the paragraph describing Mode 4 is missing details and causes confusion
>>>> among implementers:
>>>>
>>>> - It is not clear if the word “proxy” refers to a HTTP proxy or a TURN
>>>> server.
>>>>
>>>> This can easily be improved by replacing the word “proxy” with “HTTP
>>>> proxy” everywhere in the Mode 4 paragraph.
>>>>
>>>
>>> The proxy doesn't need to be a HTTP proxy; it could be a SOCKS or RETURN
>>> proxy (SOCKS is specifically noted in the para).
>>>
>>>>
>>>> - It is unclear how an implementation should behave in the absence of
>>>> such a proxy.
>>>>
>>>> I would suggest adding a sentence that the implementation should not hand out
>>>> any candidates in the absence of a HTTP proxy.
>>>>
>>>
>>> This is a fair point. However, my take is that the behavior should be the
>>> same as Mode 3 in this case, as the web server already sees the client IP.
>>> I could add a sentence to make this super clear.
>>
>> The web server, yes. But not the other peer. I don't think we can assume
>> trust towards the web server equals trust towards the other peer. I
>> would agree with Nils that it shouldn't hand out any candidates in this
>> case.
>>
> 
> This is not unique to Mode 4.
> 
> This scenario is discussed in detail in
> https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-14#section-5.4;
> I don't think it needs special mention in this doc.

Still, I see no possibility for the user to voice its opinion in this
matter. However, that may simply be an issue for the browser vendors to
resolve (by providing additional browser settings - I think at least
Firefox does that already).

Then it probably should be clarified because if I'm not mistaken Chrome
gets it wrong, too (no proxy = no candidates). Unless that fourth mode
does not actually map to mode 4 (see
https://cs.chromium.org/chromium/src/content/public/common/webrtc_ip_handling_policy.cc?q=rtcIPHandling&sq=package:chromium&dr=CSs&l=15).

Cheers
Lennart