[rtcweb] Security implications of host candidates
Justin Uberti <juberti@google.com> Mon, 02 July 2018 23:01 UTC
Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 708B413143A for <rtcweb@ietfa.amsl.com>; Mon, 2 Jul 2018 16:01:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.509
X-Spam-Level:
X-Spam-Status: No, score=-17.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id id5E6b9il0pJ for <rtcweb@ietfa.amsl.com>; Mon, 2 Jul 2018 16:01:37 -0700 (PDT)
Received: from mail-io0-x22d.google.com (mail-io0-x22d.google.com [IPv6:2607:f8b0:4001:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41571130E30 for <rtcweb@ietf.org>; Mon, 2 Jul 2018 16:01:37 -0700 (PDT)
Received: by mail-io0-x22d.google.com with SMTP id l7-v6so49721ioj.1 for <rtcweb@ietf.org>; Mon, 02 Jul 2018 16:01:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=bHhOk5TBZj1PfaoPl4cr0DvzibwfnGPACPF3jHhwvSs=; b=VFhv2+sTP9WON6d9EoonxU5JPYMt+SJV+aSdvn46UNc9WkPGh+Kaffb2STbNErUxhn 8I1gL6+5UGwNwgeL7lHpOMlMZtFBxQy08h5tnvqjuC5WPjzLuxL6qf3cY60w+OHJTEkQ H9YVO0yag1oUnaMWzN5harLnelGzFZZ+lEpy9eYew43y8tHDLToWutoRgRbB9md6qY5J RdVKNAu3MLkLTsV06GJOCYQz5Q0c916Y6MvLbuNB1fvA5RTA9Z6rBfLY/Er1Og4aVyRe 70uBPvKbsfTceMu+v78GeED84PaO29z7JY0Bn9+n+olZDIy6X80KYpNTh3l658+xtdMI 4gOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=bHhOk5TBZj1PfaoPl4cr0DvzibwfnGPACPF3jHhwvSs=; b=pCsIkXxiW8q/un6j46Aa046Vp+SM0D5dCxbpJ9kjUQ/VFIVF8Mi5xt3caqeBu6azF+ w4LqYpceJwCyH1garY/R0oy1u+CERmikx3ofF9/m6ja8KAYkJE+/0jl9wRsE8dyDm1xQ svcBscjtw5Y6MKWdX+S8WCWBzgT8X46E5+D3xRJvFgtqXETI5PAzTUlNMUqVs8vwsC/M HqTMeuxRWKL4wJnrY6fvVXvk/AEbgEGlNNUbNSH+QT9yyu7hbwGi71spDF/03w8cKIh+ 0kZ4QgbjFsfBEozsH5GvknlZN1AYTdaOG2QbU1omYs/NP1lhPVMgza7s0kK9qc6LHKwZ 44hQ==
X-Gm-Message-State: APt69E3Oh4dgBQ1rx8o/twRtt9xvx0RE+adxDKHxCaZdYoWFKFbZ9TkM PW0c+4m904NJU+X9kTpXzfRV2pLsBLOHfVkQJdkQVA==
X-Google-Smtp-Source: AAOMgpd2mfL8So9wK2IW3eSsuKCmV6nPH5MphG+lXu1QFMKiVpH7LgIKsRx1d4jJKeXKV3UlPtFpx8joNq2lIvFYcYw=
X-Received: by 2002:a6b:b387:: with SMTP id c129-v6mr23652771iof.32.1530572496234; Mon, 02 Jul 2018 16:01:36 -0700 (PDT)
MIME-Version: 1.0
From: Justin Uberti <juberti@google.com>
Date: Mon, 02 Jul 2018 16:01:24 -0700
Message-ID: <CAOJ7v-1t_BDEEHmA4eqiS9ksYOOyHUz9LFLhQxs8FhjTdswP5w@mail.gmail.com>
To: youenn fablet <yfablet@apple.com>, RTCWeb IETF <rtcweb@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f1548f05700c2dfb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/MiOOTE3aTSiQMdt9QsArV-Oiad4>
Subject: [rtcweb] Security implications of host candidates
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2018 23:01:47 -0000
https://tools.ietf.org/html/draft-mdns-ice-candidates-00 has a section where it talks about the privacy implications of being able to determine that two browser contexts are running on the same machine by making a host-host connection and analyzing the connection RTT: A successful WebRTC connection between two peers is also a potential thread to user privacy. When a WebRTC connection latency is close to zero, the probability is high that the two peers are running on the same device. Browsers often isolate contexts one from the other. Private browsing mode contexts usually do not share any information with regular browsing contexts. The WebKit engine isolates third- party iframes in various ways (cookies, ITP) to prevent user tracking. Enabling a web application to determine that two contexts run in the same device would defeat some of the protections provided by modern browsers. I would think that this concern would still exist even without host candidates, through either a) IP matching + user-agent fingerprinting b) srflx-srflx connections and NAT hairpinning FWIW, this topic does not appear to be noted in the rtcweb security docs.
- Re: [rtcweb] Security implications of host candid… westhawk
- Re: [rtcweb] Security implications of host candid… Harald Alvestrand
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… Martin Thomson
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… youenn fablet
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… Martin Thomson
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… Martin Thomson
- Re: [rtcweb] Security implications of host candid… Feross Aboukhadijeh
- [rtcweb] Security implications of host candidates Justin Uberti
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… youenn fablet
- Re: [rtcweb] Security implications of host candid… youenn fablet
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… youenn fablet
- Re: [rtcweb] Security implications of host candid… Lennart Grahl
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… Harald Alvestrand
- Re: [rtcweb] Security implications of host candid… youenn fablet
- Re: [rtcweb] Security implications of host candid… Justin Uberti
- Re: [rtcweb] Security implications of host candid… Manuel Kasper
- Re: [rtcweb] Security implications of host candid… Nils Ohlmeier
- Re: [rtcweb] Security implications of host candid… Justin Uberti