IETF Logo Mail Archive

Re: [rtcweb] Please require user consent for data channels

Roman Shpount <roman@telurix.com> Thu, 30 July 2015 19:26 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BA011ACC91 for <rtcweb@ietfa.amsl.com>; Thu, 30 Jul 2015 12:26:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.079
X-Spam-Level:
X-Spam-Status: No, score=-0.079 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id diEEAYlSeb0I for <rtcweb@ietfa.amsl.com>; Thu, 30 Jul 2015 12:26:50 -0700 (PDT)
Received: from mail-ig0-f176.google.com (mail-ig0-f176.google.com [209.85.213.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABA3B1ACCF2 for <rtcweb@ietf.org>; Thu, 30 Jul 2015 12:26:47 -0700 (PDT)
Received: by igbpg9 with SMTP id pg9so17749128igb.0 for <rtcweb@ietf.org>; Thu, 30 Jul 2015 12:26:47 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=3C0KQ2zfMVgov/UmpzzWVRv+CRkb8dcYHgJyC4IqYgA=; b=U4PMWf8AlTzSmwtKNm8v9bBe6pez/twaHtppifEq4glo9PB08TF0S+Av1alBGod8Fa 4cKEBIUutgnEF3uduYXjcBpiONt89X6BQGXeFurALxkk4KciJowVRMF2pWN8pLU1HtD7 YCm9mQVwwoHgY4u3kzXH82Xd5Z093vF2YHYpPT+CYMSfzZij/ewATKnz/L/BCbm/oSUP 6m28EpO+hjejdx7EbPcwQJKZ3Mrlp9lwcnDy2ICHtwYB7QPFHWSUL9cBQN3824WPGFEa KfqAo5cYeY93jmEWCrVQwwF47GgA3IvK7jRHntZVxh353lb15nNCp6Gp6PyPwZi0UsG7 iERg==
X-Gm-Message-State: ALoCoQmspRs5A+j0HCwDfwKiHgnbbQ3y4zauMn3qT0uRnl8nfuyBGAq+Wz06NCHbrBLsWihAIh/f
X-Received: by 10.50.40.39 with SMTP id u7mr7578324igk.71.1438284407197; Thu, 30 Jul 2015 12:26:47 -0700 (PDT)
Received: from mail-io0-f176.google.com (mail-io0-f176.google.com. [209.85.223.176]) by smtp.gmail.com with ESMTPSA id q12sm1968529igr.2.2015.07.30.12.26.45 for <rtcweb@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 30 Jul 2015 12:26:45 -0700 (PDT)
Received: by ioea135 with SMTP id a135so63962253ioe.1 for <rtcweb@ietf.org>; Thu, 30 Jul 2015 12:26:44 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.107.152.81 with SMTP id a78mr13393462ioe.145.1438284404730; Thu, 30 Jul 2015 12:26:44 -0700 (PDT)
Received: by 10.36.89.70 with HTTP; Thu, 30 Jul 2015 12:26:44 -0700 (PDT)
In-Reply-To: <55B9C503.4050807@jesup.org>
References: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com> <55B9C503.4050807@jesup.org>
Date: Thu, 30 Jul 2015 15:26:44 -0400
Message-ID: <CAD5OKxsmTWNrtv7OM_Zo3iazmmEfmtdpdBbfM9ZAPxYf3BFsWg@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Randell Jesup <randell-ietf@jesup.org>
Content-Type: multipart/alternative; boundary="001a114043c607b567051c1cafcb"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/QMge-U2tkfkTdZy2X_qA9vjd5fY>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Please require user consent for data channels
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2015 19:26:52 -0000

Hi Randell,

I do agree with most of your argument regarding fingerprinting and gUM. I
also agree that this is not just the data channel issue and similar
exploits can be created using audio or video connections. Furthermore,
these usage patterns are very difficult to distinguish from legitimate
applications. On the other hand I would argue that all of this exploits do
not matter, since you can get the same information using non webrtc related
HTML functionality.

One thing that I do not agree with is that PeerConnection introduced a
significant new behavior -- routing data over the non-default network
interface. This is something that was not possible before. There is no way
to overwrite default routing with HTTP request or anything similar
generated by the browser. Overwriting default routing would allow creation
of a whole new class of exploits, from determining user other IP addresses
to forcing traffic over unexpected networks and generating expenses for the
 user. My suggestion is that until system wide preferences are exposed via
some other mechanism defined by MIF, web browser should follow the local
policy and do not overwrite local routing metrics by sending ICE requests
over specific interfaces. At the very least, this should only be enabled
via some sort of configuration option which should be disabled by default.
I understand that using only default routes can decrease the chances of
connection, but from my experience* we are talking about less then 0.1% of
all the users.

Also, please note that a lot of software VPNs do allow routing over
secondary gateways. There is nothing fake or unusual about them. For
instance Microsoft default PPTP VPN simply creates a virtual adapter for
the VPN connection and creates a route with lower metric. This virtual
adapter, on the other hand is using the previous default route for PPTP
connection.

* We have deployed a VoIP system with 500K users that used ICE in
combination with TURNs over default route with HTTP connect option. Total
number of users who could not place a call even though they could connect
to the web server was less then 0.1%.
_____________
Roman Shpount

v2.23.0 | Report a Bug | By Email