Re: [rtcweb] Please require user consent for data channels
Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Sat, 18 July 2015 09:00 UTC
Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 155A71AD378 for <rtcweb@ietfa.amsl.com>; Sat, 18 Jul 2015 02:00:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.377
X-Spam-Level:
X-Spam-Status: No, score=-0.377 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_24=0.6, MALFORMED_FREEMAIL=0.001, MISSING_HEADERS=1.021, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fPk83HFguWZB for <rtcweb@ietfa.amsl.com>; Sat, 18 Jul 2015 02:00:35 -0700 (PDT)
Received: from mail-wg0-x22e.google.com (mail-wg0-x22e.google.com [IPv6:2a00:1450:400c:c00::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90C311AD375 for <rtcweb@ietf.org>; Sat, 18 Jul 2015 02:00:35 -0700 (PDT)
Received: by wgbcc4 with SMTP id cc4so4083627wgb.3 for <rtcweb@ietf.org>; Sat, 18 Jul 2015 02:00:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:references:cc:from:message-id:date:user-agent:mime-version :in-reply-to:content-type; bh=+oOGvhq+mUuAoHgAb8S6tlaGkzgIZHQ1o7u9otwhC40=; b=NvODEVLBjE0ohDR9YxVbwSUN7go5BnvI2ffutqNgmEAO3LCdGphWEQPuSRzvxhtENt r0r0YHAZQbtFjiXZwPGqzm4SaHwSunGPn3q6dh8AY1admmVj6rpSzdZyo2yL1w8e/NOP 0ozmqmKbBnIEbWqI2fJOYgB0mlYz/SGbyU5syYNAq6FOeNq4WHk7Eee3k9pGJsqXZI1r OGxsen78ImZEPs8Sx2uaOQzEM+c58TQ1foIBEbC2wn2hrbMlruYFcNQeitPQYtsLC6BO T8VD+11BW7QGKZt+0GUVouou9gHvvEjqENlrVSh/ci871W9JEPz8WITFvhiQi1O2e+H2 5dQQ==
X-Received: by 10.194.100.42 with SMTP id ev10mr35382796wjb.50.1437210034248; Sat, 18 Jul 2015 02:00:34 -0700 (PDT)
Received: from [192.168.0.193] ([95.61.111.78]) by smtp.googlemail.com with ESMTPSA id gb16sm1626266wic.5.2015.07.18.02.00.32 for <rtcweb@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 18 Jul 2015 02:00:33 -0700 (PDT)
References: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com> <CAOJ7v-0UBGtP0-atxP7X4OTj-H6Lost5o42aAS65mA6CEqcQsw@mail.gmail.com> <CA+65OsrhXHK+cRAFLCZFt+34vr8eRhj+CN3DgznUBfSwmWYggw@mail.gmail.com> <CAOJ7v-24VCW6kkn7LOLkqZzhYEU0r=nmd_F7Zns1rnyqKN6xAg@mail.gmail.com> <55A95364.2070806@gmail.com> <CAOJ7v-3t9BQabR2e4EHs4G0Sec4sU9DFC2aiSXXYrat+an+RYg@mail.gmail.com> <55A96DA3.1040907@gmail.com> <CAOJ7v-1ui7349NzK6NZNRHPbnHWZajctk4cDgMKqRZSv47EYdA@mail.gmail.com> <55A9860D.8030903@gmail.com> <CAOJ7v-3LGd32rnpFVW_U0s3+iVaJXsL4vt_YAo=cyp6YyOArdw@mail.gmail.com> <55A99148.1040105@gmail.com> <CAOJ7v-1cB47793yH+-mWrdU9rNqX=+HadZpbRf3PezXspqLm1A@mail.gmail.com> <55AA1039.7070403@gmail.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Message-ID: <55AA15AF.40908@gmail.com>
Date: Sat, 18 Jul 2015 11:00:31 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <55AA1039.7070403@gmail.com>
Content-Type: multipart/alternative; boundary="------------030001080508050405060004"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/RdwA50pnHBWzuGolJFRrvhnJYkY>
Subject: Re: [rtcweb] Please require user consent for data channels
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jul 2015 09:00:37 -0000
On 18/07/2015 10:37, Sergio Garcia Murillo wrote: > On 18/07/2015 2:19, Justin Uberti wrote: >> >> On Fri, Jul 17, 2015 at 4:35 PM, Sergio Garcia Murillo >> <sergio.garcia.murillo@gmail.com >> <mailto:sergio.garcia.murillo@gmail.com>> wrote: >> >> On 18/07/2015 1:09, Justin Uberti wrote: >> >> Agree, for each HOST candidate, it should send a STUN request to >> the turn server from that IP:port. But shouldn't the VPN >> configuration prevent the non-VPN-host-candidate STUN request to >> be sent via the non-VPN-interface? (i.e. applying default route >> based on dest?) >> >> >> Replying to Sergio: >> >> Typically with a VPN, the non-VPN interface is locked down so it only >> has a single route: to the VPN server. However, split tunnel VPNs >> allow the non-VPN interface to route to other addresses (possibly, >> for performance reasons), so in this case, the non-VPN-host-candidate >> STUN request will be sent successfully from the non-VPN interface. >> >> Sometimes this will be desirable: imagine someone working from home >> who wants to connect to their corp VPN, but wants to have their video >> conferencing traffic not go through the VPN. Sometimes this will not >> be desirable, i.e. when the VPN is being used for privacy. This makes >> picking a perfect default setting difficult, although we have some >> ideas that we are exploring. > > Agree, but IMHO in the case of case of split tunnels, shouldn't that > issue be solved better if the VPN is configured with the only the > routes to the corporate system via the VPN and leave the default route > for the non-VPN-interface for all the other traffic? > > You know that I am all for fixing connectivity issues in corp networks > (my business depends on that!) but in this case I think the privacy of > non-WebRTC users that has a VPN configured correctly should be more > important than solving the issues of someone willing to do WebRTC but > not doing enough to make it work. > > Could you share the ideas in the list? As Firefox and Edge might have > the same behavior (and issues) I think it could be interesting if we > can get to a good common solution and add it to the security draft (if > you have not done it already ;) > BTW, shouldn't this conversation be crossposted/forwarded to the TRAM list as well? Best regards Sergio
- [rtcweb] Please require user consent for data cha… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Lorenzo Miniero
- Re: [rtcweb] Please require user consent for data… Michael Tuexen
- Re: [rtcweb] Please require user consent for data… tim panton
- Re: [rtcweb] Please require user consent for data… Bernard Aboba
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Timothy B. Terriberry
- Re: [rtcweb] Please require user consent for data… Victor Pascual Avila
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Eric Rescorla
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Stephen Farrell
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tirumaleswar Reddy (tireddy)
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Jonathan Lennox
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Randell Jesup
- Re: [rtcweb] Please require user consent for data… Roman Shpount