IETF Logo Mail Archive

Re: [rtcweb] IP handling: Using mDNS names for host candidates

T H Panton <thp@westhawk.co.uk> Thu, 14 June 2018 17:34 UTC

Return-Path: <thp@westhawk.co.uk>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9ED2130F26 for <rtcweb@ietfa.amsl.com>; Thu, 14 Jun 2018 10:34:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wt7TrWx7R792 for <rtcweb@ietfa.amsl.com>; Thu, 14 Jun 2018 10:34:30 -0700 (PDT)
Received: from smtp001.apm-internet.net (smtp001-out.apm-internet.net [85.119.248.222]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76B9D130F2D for <rtcweb@ietf.org>; Thu, 14 Jun 2018 10:34:30 -0700 (PDT)
Received: (qmail 20291 invoked from network); 14 Jun 2018 17:34:28 -0000
X-APM-Authkey: 255286/0(159927/0) 2011
Received: from unknown (HELO zimbra003.verygoodemail.com) (85.119.248.218) by smtp001.apm-internet.net with SMTP; 14 Jun 2018 17:34:28 -0000
Received: from localhost (localhost [127.0.0.1]) by zimbra003.verygoodemail.com (Postfix) with ESMTP id 8FCF618A034F; Thu, 14 Jun 2018 18:34:28 +0100 (BST)
Received: from zimbra003.verygoodemail.com ([127.0.0.1]) by localhost (zimbra003.verygoodemail.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id MW9Q63lFY3WE; Thu, 14 Jun 2018 18:34:28 +0100 (BST)
Received: from [192.67.4.33] (unknown [192.67.4.33]) by zimbra003.verygoodemail.com (Postfix) with ESMTPSA id 5372118A01C6; Thu, 14 Jun 2018 18:34:28 +0100 (BST)
From: T H Panton <thp@westhawk.co.uk>
Message-Id: <54A66854-7212-49CE-B164-A9F1E83B4802@westhawk.co.uk>
Content-Type: multipart/alternative; boundary="Apple-Mail=_D2855255-D8C8-45A7-822E-A0B4CC2BD496"
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
Date: Thu, 14 Jun 2018 18:34:27 +0100
In-Reply-To: <CAOJ7v-0vbsVxEK07B1DXnv3Zzc_YtFAjoGG9wAPzrukMgxxHLw@mail.gmail.com>
Cc: Cullen Jennings <fluffy@iii.ca>, RTCWeb IETF <rtcweb@ietf.org>, youenn fablet <yfablet@apple.com>
To: Justin Uberti <juberti=40google.com@dmarc.ietf.org>
References: <CAOJ7v-2FQ3yfyfmFY8MT17nTFUvsNyixKuXXeT-Rq7zVQKBMnA@mail.gmail.com> <BC4154C2-DB59-4298-9F8D-86495C153D37@iii.ca> <CAOJ7v-0vbsVxEK07B1DXnv3Zzc_YtFAjoGG9wAPzrukMgxxHLw@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.8.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/O4QLUlhal4n3feaOPRUnrVrvxnA>
Subject: Re: [rtcweb] IP handling: Using mDNS names for host candidates
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jun 2018 17:34:44 -0000

In the case of Burningman/town-hall intranet meeting - the side _sending_ the media would presumably have GUM permissions,
so be advertising it's 'private' IPv4s - I guess we might get a direct connection set up via peer-reflexives discovered that way.

T.


> On 14 Jun 2018, at 18:14, Justin Uberti <juberti=40google.com@dmarc.ietf.org> wrote:
> 
> This is a valid concern, but keep in mind that this only applies to:
> - apps without gUM permission (or else they can use Mode 1)
> - on networks that don't support IPv6 (or else they can use the RFC 4941 v6 address)
> - on networks where mDNS is turned off or constrained
> 
> I tend to think this is still a pretty good tradeoff. 
> 
> One other option could be to add a new Mode 1.5 that did hand out the private IP which could be selected by domain admins, but given how subtle this area is, I tend to think that it would rarely, if ever, be enabled.
> 
> On Wed, Jun 13, 2018 at 1:28 PM Cullen Jennings <fluffy@iii.ca <mailto:fluffy@iii.ca>> wrote:
> 
> 
> With my individual hat on …
> 
> I have a bunch of concerns about this but the biggest is that mDNS does not work on a large percentage of medium and large corporate WiFI Networks. The problem is the large multicast domains trash the WiFi performance so many APs turn off mDNS or limit it’s range to much less than the scope of where just testing the address with ICE would be routable. It’s exactly theses environment where using the local IP vs a TURN IP provides lots of benefit.  I like the idea of trying to use mDNS but I’d want tot see strong evidence it worked in theses environments before putting it in at the last minute. 
> 
> 
> 
>> On Jun 11, 2018, at 6:40 PM, Justin Uberti <juberti=40google.com@dmarc.ietf.org <mailto:juberti=40google.com@dmarc.ietf.org>> wrote:
>> 
>> The Safari team has come up with a clever approach to avoid disclosing private IP addresses for host candidates. As discussed in this WebKit bug <https://bugs.webkit.org/show_bug.cgi?id=174500>, the technique works as follows:
>> Register a random UUID-based mDNS name when ICE gathering starts
>> Replace the private IP address by a "{UUID}.local" string in each host candidate (and set raddr to 0.0.0.0 for other candidates)
>> The other party will do mDNS resolution on any candidate having a .local suffix, similar to how hostnames in candidates are handled in RFC 5245, Section 15.1.
>> This technique is relevant to the IP handling document, as it addresses one of the lesser problems (private IP disclosure) from the overall problem statement. While I don't think this will have a large impact on the document, including the default mode selection, incorporating this technique would result in some moderate changes:
>> Section 5.1 would mention concealing private IPs in the default case as an explicit goal.
>> In Section 6, Mode 2 would change from handling out private IPs to handing out mDNS names.
>> This document would have to describe the technique or point to another document that describes the technique. mmusic-ice-sip-sdp, Section 4.1 <https://tools.ietf.org/html/draft-ietf-mmusic-ice-sip-sdp-20#section-4.1> seems like a good option, as it already covers how to handle DNS names in ICE candidates.
>> This is a significant improvement and I think we will want to incorporate this suggestion. Is this something we could do as part of this WGLC, or should we look for another option?
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org <mailto:rtcweb@ietf.org>
>> https://www.ietf.org/mailman/listinfo/rtcweb <https://www.ietf.org/mailman/listinfo/rtcweb>
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email