Re: [rtcweb] Security implications of host candidates
Justin Uberti <juberti@google.com> Tue, 10 July 2018 00:24 UTC
From: Justin Uberti <juberti@google.com>
Date: Mon, 09 Jul 2018 17:24:14 -0700
Message-ID: <CAOJ7v-2dw1coDTpovTrKa__Oak7Jjn5EYgvWtByaRYmxfDDtXw@mail.gmail.com>
To: youenn fablet <yfablet@apple.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, Tim Panton <thp@westhawk.co.uk>, RTCWeb IETF <rtcweb@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/ObtwDfiI0wcXB0SATD-wL60j6VA>

On Mon, Jul 9, 2018 at 4:35 PM youenn fablet <yfablet@apple.com> wrote:

> The reason for the different treatment is that it could be argued that
> v6 addresses, being already public and unique, don't constitute a new
> signal. That makes the tradeoff with datachannel impact less clear.
>
> If they are public, cannot they be discovered and exposed as srflx?

That's a good point; I had forgotten about NAT64. v6 STUN isn't widely deployed, but if we did want to hide NAT64 v6 addresses, we could make this work. However, if we consider NAT64 to be an entirely temporary situation, this may not make sense.
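
The question raised in this message, whether a host address is one that STUN would reveal anyway as srflx, can be checked over a gathered candidate set. The following is an added example, not part of the original message or of any browser's code; the function names and the candidate lines (documentation address ranges) are constructed, and addresses are compared as lowercase strings without IPv6 normalisation.

```javascript
// Constructed sample: v4 host behind a NAT, v6 host that is also seen by a v6 STUN server.
const DUAL_STACK = [
  "candidate:1 1 udp 2122260223 192.168.1.20 54400 typ host",
  "candidate:2 1 udp 2122194687 2001:db8::a1 54401 typ host",
  "candidate:3 1 udp 1686052607 203.0.113.7 61000 typ srflx raddr 192.168.1.20 rport 54400",
  "candidate:4 1 udp 1685987071 2001:DB8::A1 54401 typ srflx raddr 2001:db8::a1 rport 54401",
];

// Constructed sample: v6-only host whose only reflexive address is v4,
// as could be seen behind NAT64 (the case mentioned in the message).
const NAT64_LIKE = [
  "a=candidate:1 1 udp 2122194687 2001:db8:64::5 50000 typ host",
  "a=candidate:2 1 udp 1686052607 198.51.100.9 62000 typ srflx raddr 2001:db8:64::5 rport 50000",
];

// Parse one ICE candidate attribute line (with or without the SDP "a=" prefix).
// Returns null for lines that do not have the expected field layout.
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (f.length < 8 || !f[0].startsWith("candidate:") || f[6] !== "typ") return null;
  return {
    address: f[4].toLowerCase(),
    port: Number(f[5]),
    type: f[7],
    family: f[4].includes(":") ? "v6" : "v4",
  };
}

// For every host candidate, report whether the same address also appears as the
// address of a srflx candidate. If it does, the host candidate exposes nothing
// that STUN had not already exposed; if not, it is an additional address.
function auditHostCandidates(lines) {
  const cands = lines.map(parseCandidate).filter(Boolean);
  const reflexive = new Set(
    cands.filter((c) => c.type === "srflx").map((c) => c.address)
  );
  return cands
    .filter((c) => c.type === "host")
    .map((c) => ({
      address: c.address,
      family: c.family,
      alsoSrflx: reflexive.has(c.address),
    }));
}

console.log(auditHostCandidates(DUAL_STACK));
console.log(auditHostCandidates(NAT64_LIKE));
```
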