IETF Logo Mail Archive

Re: [rtcweb] Transports: RFC 4941 support?

Dan Wing <dwing@cisco.com> Thu, 20 March 2014 14:53 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 311941A046A for <rtcweb@ietfa.amsl.com>; Thu, 20 Mar 2014 07:53:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.047
X-Spam-Level:
X-Spam-Status: No, score=-15.047 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GedswjfwdkYj for <rtcweb@ietfa.amsl.com>; Thu, 20 Mar 2014 07:53:04 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id B00041A0747 for <rtcweb@ietf.org>; Thu, 20 Mar 2014 07:53:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10227; q=dns/txt; s=iport; t=1395327176; x=1396536776; h=mime-version:subject:from:in-reply-to:date:cc:message-id: references:to; bh=ujTpFfmoFZeFfOL2U6m9IQTmtx76w1wbH9B94nj2PFk=; b=dRwYdHrmRp0mq4xJC4oxr06GPBXuy7L30yXvrFQNletpbdRAY3pmxb5Z z32G8jdn7Tu07lss6C5UzfvwaHgHWqLP3TNK3R2/YyBKKad4H8RLvucvP 8Fmax1/y02MWJF30VmWeBHQn2Ykz1+1b/pF3pgJXxFsmMpKEp99mfhhjx g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjAFAOz/KlOrRDoH/2dsb2JhbABZgkJEO4UftlSGYlGBGBZ0giUBAQEDAQEBAWsLBQsLGC4nMAYTh3EHDs9XEwSOYQQHgySBFASJUosJg2ySMINNHYEsJA
X-IronPort-AV: E=Sophos; i="4.97,695,1389744000"; d="scan'208,217"; a="106021096"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-3.cisco.com with ESMTP; 20 Mar 2014 14:52:55 +0000
Received: from sjc-vpn3-1362.cisco.com (sjc-vpn3-1362.cisco.com [10.21.69.82]) by mtv-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id s2KEqtTT002903; Thu, 20 Mar 2014 14:52:55 GMT
Content-Type: multipart/alternative; boundary="Apple-Mail=_62047197-D5B8-4167-8334-CAF775DE4C11"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Dan Wing <dwing@cisco.com>
In-Reply-To: <5329B617.2070001@alvestrand.no>
Date: Thu, 20 Mar 2014 07:52:58 -0700
Message-Id: <17885A74-50A3-49E3-8C54-E53C55019C73@cisco.com>
References: <CAOJ7v-0Hw0NFs_avsB2Z8do21BCws2LRZSeSh6HP0t455SPXyw@mail.gmail.com> <B6836FFA-867A-4CBF-9855-D265425EC5E1@cisco.com> <CAOqqYVE=i2L7FxGgKuV0DVaaxYOPnxzSEbDoq0_4Tqapna575g@mail.gmail.com> <CD747481-EBDA-4FFC-A31D-618E6E217420@cisco.com> <5329B617.2070001@alvestrand.no>
To: Harald Alvestrand <harald@alvestrand.no>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/KD-qtdvwUC50r7xKkWDBBg-Z_3U
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Transports: RFC 4941 support?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Mar 2014 14:53:10 -0000

On Mar 19, 2014, at 8:21 AM, Harald Alvestrand <harald@alvestrand.no> wrote:

> On 03/19/2014 04:08 PM, Dan Wing wrote:
>> 
>> On Mar 19, 2014, at 12:02 AM, Harald Alvestrand <hta@google.com> wrote:
>> 
>>> I'd like to be silent on the issue, since which IPv6 addresses to prefer is likely to be a matter of system policy. Trying to override system policy in an application specific profile usually leads to sadness.
>> 
>> The application needs to indicate if it wants a temporary address. If the host's policy (or configuration or network) does not support temporary addresses, the application won't get a temporary address.  I don't see why being silent helps?
> 
> What API is it using?
> 
> With a little Googling, the system policy I was thinking of was the policy in RFC 6724 ("Default Address Selection for IPv6"), in particular section 5 rule 7: "Prefer  temporary addresses".
> 
> I'm happy to say "it is a good idea for systems to implement the recommendations of RFC 6724" (or some more 2119-like language). I wouldn't want to claim that if a system has chosen to prefer non-temporary addresses, it would have to change its non-conformance to RFC 6724 in order to be conformant with RTCWEB specifications.

So perhaps:
   "An RTCWEB implementation SHOULD prefer to use temporary addresses [RFC4941] where host and network policy permit [RFC6724]."
?

-d


> 
>> 
>> -d
>> 
>> 
>>> 
>>> 
>>> 
>>> On Wed, Mar 19, 2014 at 6:14 AM, Dan Wing <dwing@cisco.com> wrote:
>>> 
>>> On Mar 18, 2014, at 6:00 PM, Justin Uberti <juberti@google.com> wrote:
>>> 
>>>> https://tools.ietf.org/html/rfc4941 defines the concept of temporary IPv6 addresses. For, example, as enumerated on my local system:
>>>> 
>>>> inet 172.31.x.y netmask 0xfffffe00 broadcast 172.31.x.255
>>>> inet6 2620::1008:100b:e2f8:47ff:wwww:xxxx prefixlen 64 autoconf 
>>>> inet6 2620::1008:100b:819e:1d3f:yyyy:zzzz prefixlen 64 autoconf temporary 
>>>> 
>>>> As indicated in the RFC, the temporary addresses expire after hours or days, and therefore could be used to prevent long-term linkability of sessions. Expiration shouldn't be an issue for WebRTC, since we can simply do ICE restart if this occurs during a session.
>>>> 
>>>> Is this something we want to recommend in the transports doc?
>>> 
>>> Yes.
>>> 
>>> And it should be as frequent as every new 'call', if IPv6 privacy addresses are to provide the same privacy as a NAPT44, as a NAPT44 should be assigning random ports per reasons described in RFC6056.
>>> 
>>> The transport document should also recommend doing port randomization (RFC6056), as that was found pretty useful for DNS, but randomizing ports is still not popular with many OS's TCP stacks for whatever reason.
>>> 
>>> -d
>>> 
>>> 
>>> 
>> 
>> 
>> 
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email