Re: [rtcweb] draft-jesup-rtcweb-data-00 posted
Randell Jesup <randell-ietf@jesup.org> Thu, 27 October 2011 19:06 UTC
Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0A7521F8B7F for <rtcweb@ietfa.amsl.com>; Thu, 27 Oct 2011 12:06:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.553
X-Spam-Level:
X-Spam-Status: No, score=-2.553 tagged_above=-999 required=5 tests=[AWL=0.046, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4yjYAd+MP1sj for <rtcweb@ietfa.amsl.com>; Thu, 27 Oct 2011 12:06:51 -0700 (PDT)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id EEB0F21F8B7A for <rtcweb@ietf.org>; Thu, 27 Oct 2011 12:06:50 -0700 (PDT)
Received: from pool-173-49-141-165.phlapa.fios.verizon.net ([173.49.141.165] helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1RJVHt-0005ES-Te; Thu, 27 Oct 2011 14:06:49 -0500
Message-ID: <4EA9ABC1.1000201@jesup.org>
Date: Thu, 27 Oct 2011 15:06:41 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <4EA5EA46.1010803@jesup.org> <D3C41C1C-3586-4A22-8040-C7F0E22B41A7@acmepacket.com> <CABcZeBPuDZKCQgZ4RV-_zMrp2wa1EjM-w74VA=TuDzY3UY0HtQ@mail.gmail.com> <EB4481BA-E39E-4A9C-85E6-79B48F82298C@acmepacket.com>
In-Reply-To: <EB4481BA-E39E-4A9C-85E6-79B48F82298C@acmepacket.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Source:
X-Source-Args:
X-Source-Dir:
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
Subject: Re: [rtcweb] draft-jesup-rtcweb-data-00 posted
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2011 19:06:51 -0000
On 10/25/2011 11:31 AM, Hadriel Kaplan wrote: > On Oct 25, 2011, at 10:20 AM, Eric Rescorla wrote: > >> On Tue, Oct 25, 2011 at 1:02 AM, Hadriel Kaplan<HKaplan@acmepacket.com> wrote: >>> Req. 8: The data stream transport protocol MUST NOT encode IP addresses inside its protocol fields; doing so reveals potentially private information, and leads to failure if the address is depended upon. >> I don't really understand what this means. In general, the peer has >> access to your IP address >> information from ICE. > From a privacy perspective: if a person uses a Web-site designed with privacy/anonymity in mind (e.g., battered-spouse forum), then the site would relay your media-plane stuff through a type of TURN server that does ICE itself both ways. But if the SCTP layer on top of UDP encodes your local IP using one of the optional SCTP fields in RFC 4960 or 5061, then you lose that anonymity. Since the SCTP layer is built into the Browser and not under control of the Javascript, a site can't prevent it from revealing that info. There's a corollary: a user should be able to set their browser and/or App to force all incoming calls (and maybe outgoing) through a TURN server. (There may be other uses for this ability, like corporate firewall traversal, but the case you mention is one of them). Witness the recent attack on identity info on Skype using call-setup protocols, without even decoding them: http://www.theregister.co.uk/2011/10/21/skype_bittorrent_stalking/print.html and http://cis.poly.edu/~ross/papers/skypeIMC2011.pdf In theory it could be more nuanced - direct connections for people in your phonebook, or listed as friends, etc. But that may be too confusing for generic users, and too likely to mess up. This is more likely a W3C issue, so CC-ing that list -- Randell Jesup randell-ietf@jesup.org
- [rtcweb] draft-jesup-rtcweb-data-00 posted Randell Jesup
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Eric Rescorla
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Randell Jesup
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Ted Hardie
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Eric Rescorla
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Randell Jesup
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Eric Rescorla
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Cullen Jennings