Re: [rtcweb] draft-jesup-rtcweb-data-00 posted
Cullen Jennings <fluffy@cisco.com> Mon, 31 October 2011 00:05 UTC
Return-Path: <fluffy@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C526511E8091 for <rtcweb@ietfa.amsl.com>; Sun, 30 Oct 2011 17:05:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.35
X-Spam-Level:
X-Spam-Status: No, score=-106.35 tagged_above=-999 required=5 tests=[AWL=0.205, BAYES_00=-2.599, DATE_IN_PAST_03_06=0.044, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LvlPUkHpbPwB for <rtcweb@ietfa.amsl.com>; Sun, 30 Oct 2011 17:05:18 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id 12BF921F8BF9 for <rtcweb@ietf.org>; Sun, 30 Oct 2011 17:05:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=fluffy@cisco.com; l=3139; q=dns/txt; s=iport; t=1320019517; x=1321229117; h=subject:mime-version:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=MNxPW1IPN9QRDrsq+/gnHyCZmLTbPa/MnbzVOEIakBw=; b=XCGyJGL2r+p4c2GbnH1j6rKMeM7EqPxpClc6Xd6mgdC7mkUgCKOdzxOM 7yTmxE78722j/UdNXgIBOG6/dvtviAzw3wpoecnUqdoBh1ggfq0kzCXVu da0pNNPoizpWkBbVSh3PJ1J+MTuUgaY/2VMXPFobnHAIar5R+Bu3mIHXe M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ak4GANHlrU6rRDoG/2dsb2JhbABDJqkagQWBcgEBAQECAQEBAQ8BJzQLEAsOCi4nMAYTIodgCJVHAZ0XBIghYQSIBowIkX4
X-IronPort-AV: E=Sophos;i="4.69,428,1315180800"; d="scan'208";a="11296201"
Received: from mtv-core-1.cisco.com ([171.68.58.6]) by mtv-iport-3.cisco.com with ESMTP; 31 Oct 2011 00:05:16 +0000
Received: from sjc-vpn2-1232.cisco.com (sjc-vpn2-1232.cisco.com [10.21.116.208]) by mtv-core-1.cisco.com (8.14.3/8.14.3) with ESMTP id p9V05Ds5024727; Mon, 31 Oct 2011 00:05:16 GMT
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset="us-ascii"
From: Cullen Jennings <fluffy@cisco.com>
In-Reply-To: <EB4481BA-E39E-4A9C-85E6-79B48F82298C@acmepacket.com>
Date: Sun, 30 Oct 2011 14:51:05 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <D26139DD-C202-4D34-BE08-D6FA3B149017@cisco.com>
References: <4EA5EA46.1010803@jesup.org> <D3C41C1C-3586-4A22-8040-C7F0E22B41A7@acmepacket.com> <CABcZeBPuDZKCQgZ4RV-_zMrp2wa1EjM-w74VA=TuDzY3UY0HtQ@mail.gmail.com> <EB4481BA-E39E-4A9C-85E6-79B48F82298C@acmepacket.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>
X-Mailer: Apple Mail (2.1251.1)
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] draft-jesup-rtcweb-data-00 posted
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2011 00:05:18 -0000
+1 On Oct 25, 2011, at 9:31 , Hadriel Kaplan wrote: > > On Oct 25, 2011, at 10:20 AM, Eric Rescorla wrote: > >> On Tue, Oct 25, 2011 at 1:02 AM, Hadriel Kaplan <HKaplan@acmepacket.com> wrote: >>> >>> Req. 8: The data stream transport protocol MUST NOT encode IP addresses inside its protocol fields; doing so reveals potentially private information, and leads to failure if the address is depended upon. >> >> I don't really understand what this means. In general, the peer has >> access to your IP address >> information from ICE. > > From a privacy perspective: if a person uses a Web-site designed with privacy/anonymity in mind (e.g., battered-spouse forum), then the site would relay your media-plane stuff through a type of TURN server that does ICE itself both ways. But if the SCTP layer on top of UDP encodes your local IP using one of the optional SCTP fields in RFC 4960 or 5061, then you lose that anonymity. Since the SCTP layer is built into the Browser and not under control of the Javascript, a site can't prevent it from revealing that info. > > From a failure perspective: if the SCTP layer on top of UDP encodes local or remote IP addresses using an SCTP field, presumably it does so for some purpose. Since history has shown that relying on embedded IP Addresses for anything is prone to failure due to the proliferation of NATs, double-NATs, v4-v6 NATs, etc., then we shouldn't want SCTP to rely on such being useful. The best way to make sure it can't rely on them, is not to use any to begin with. :) > > >>> Req. 10: The data stream packet format/encoding MUST be such that it is impossible for a malicious Javascript to generate an application message crafted such that it could be interpreted as a native protocol over UDP - such as UPnP, RTP, SNMP, STUN, etc. >> >> I'm not sure this is really an issue the way you raise it. It's clear >> that you shouldn't be able to >> generate messages that appear to be STUN or RTP but that's necessary >> for demux to work >> right. > > Yes I didn't mean to imply it would be hard to satisfy the requirement, or not necessary for other reasons. I suggested it because some people wanted to do raw UDP a while ago and this requirement's there to show we can't do raw UDP. > > >> However, given that the other side has consented, I don't see >> that confusion with >> other protocols being an issue. The kind of intercepting proxies that >> we found for >> HTTP don't seem to be a feature of the UDP environment. > > > I don't know that intercepting middleboxes don't exist for any/all random UDP-based protocol. I wouldn't be surprised to find there are for DNS, for example. But you're talking about for ever, not just now. I don't have a crystal ball. Regardless, I would expect this requirement to be achieved easily, no? > > -hadriel > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] draft-jesup-rtcweb-data-00 posted Randell Jesup
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Eric Rescorla
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Randell Jesup
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Ted Hardie
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Eric Rescorla
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Randell Jesup
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Eric Rescorla
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Cullen Jennings