[rtcweb] Security implications of host candidates

Justin Uberti <juberti@google.com> Mon, 02 July 2018 23:01 UTC

From: Justin Uberti <juberti@google.com>
Date: Mon, 02 Jul 2018 16:01:24 -0700
Message-ID: <CAOJ7v-1t_BDEEHmA4eqiS9ksYOOyHUz9LFLhQxs8FhjTdswP5w@mail.gmail.com>
To: youenn fablet <yfablet@apple.com>, RTCWeb IETF <rtcweb@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/MiOOTE3aTSiQMdt9QsArV-Oiad4>
Subject: [rtcweb] Security implications of host candidates

https://tools.ietf.org/html/draft-mdns-ice-candidates-00 has a section
where it talks about the privacy implications of being able to determine
that two browser contexts are running on the same machine by making a
host-host connection and analyzing the connection RTT:

   A successful WebRTC connection between two peers is also a potential
   threat to user privacy.  When a WebRTC connection latency is close to
   zero, the probability is high that the two peers are running on the
   same device.  Browsers often isolate contexts one from the other.
   Private browsing mode contexts usually do not share any information
   with regular browsing contexts.  The WebKit engine isolates third-
   party iframes in various ways (cookies, ITP) to prevent user
   tracking.  Enabling a web application to determine that two contexts
   run in the same device would defeat some of the protections provided
   by modern browsers.


I would think that this concern would still exist even without host
candidates, through either

a) IP matching + user-agent fingerprinting

b) srflx-srflx connections and NAT hairpinning


FWIW, this topic does not appear to be noted in the rtcweb security docs.
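
An added illustration, not part of the original message or of the draft: a small JavaScript audit that parses ICE candidate lines from two browsing contexts and reports which address-based signals remain once host candidates carry mDNS names instead of IP addresses. The candidate lines, mDNS names and function names are constructed for this example.

```javascript
// Added example. All candidate lines are constructed sample data
// (RFC 1918 / RFC 5737 addresses, made-up mDNS names).
const CONTEXT_A = [ // e.g. a regular tab
  'a=candidate:1 1 udp 2122260223 9b36eaac-bb2e-49bb-bb78-21c41c499900.local 54321 typ host',
  'a=candidate:2 1 udp 1686052607 203.0.113.7 61001 typ srflx raddr 0.0.0.0 rport 0',
];
const CONTEXT_B = [ // e.g. a private-browsing tab on the same device
  'a=candidate:1 1 udp 2122260223 5c1f0e7d-2a4b-4c8e-9f10-7d3e2b1a6c55.local 54400 typ host',
  'a=candidate:2 1 udp 1686052607 203.0.113.7 61002 typ srflx raddr 0.0.0.0 rport 0',
];
const LEGACY_A = ['a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host'];
const LEGACY_B = ['a=candidate:1 1 udp 2122260223 192.168.1.23 54400 typ host'];

// Parse the fields of an ICE candidate attribute that matter for this audit.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)/i.exec(line.trim());
  if (!m) return null; // not a candidate line
  return { transport: m[1].toLowerCase(), address: m[2].toLowerCase(),
           port: Number(m[3]), type: m[4].toLowerCase() };
}

// What an application that sees the candidate learns from its address field.
function exposure(c) {
  if (c.type === 'host') return c.address.endsWith('.local') ? 'mdns-name' : 'local-ip';
  if (c.type === 'srflx' || c.type === 'prflx') return 'public-ip';
  return c.type === 'relay' ? 'relay-ip' : 'unknown';
}

// Addresses of the given exposure class that appear in both contexts.
function shared(a, b, kind) {
  const pick = (list) => new Set(list.filter((c) => exposure(c) === kind).map((c) => c.address));
  const inB = pick(b);
  return [...pick(a)].filter((addr) => inB.has(addr));
}

function auditContexts(linesA, linesB) {
  const a = linesA.map(parseCandidate).filter(Boolean);
  const b = linesB.map(parseCandidate).filter(Boolean);
  const hasSrflx = (list) => list.some((c) => c.type === 'srflx');
  return {
    sharedLocalIps: shared(a, b, 'local-ip'),      // removed by mDNS host candidates
    sharedPublicIps: shared(a, b, 'public-ip'),    // point (a): still matchable
    srflxPairPossible: hasSrflx(a) && hasSrflx(b), // point (b): connects only if the NAT hairpins
  };
}

console.log(auditContexts(CONTEXT_A, CONTEXT_B));
console.log(auditContexts(LEGACY_A, LEGACY_B));
```

With mDNS names in the host candidates the shared local address disappears from the report, while the shared server-reflexive address and the possible srflx-srflx pair remain.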