Re: [rtcweb] Nils comments [Was: WGLC for draft-ietf-rtcweb-ip-handling]

Nils Ohlmeier <nohlmeier@mozilla.com> Mon, 16 April 2018 22:40 UTC

From: Nils Ohlmeier <nohlmeier@mozilla.com>
Message-Id: <296F0D20-F716-4C6C-8ABB-9FC21FC8189D@mozilla.com>
Date: Mon, 16 Apr 2018 15:39:56 -0700
In-Reply-To: <CAOJ7v-38kH4peZVVJU8itve2P+93eGaVdJ60MVcaRo3Xu86uTQ@mail.gmail.com>
Cc: Sean Turner <sean@sn3rd.com>, RTCWeb IETF <rtcweb@ietf.org>
To: Justin Uberti <juberti@google.com>
References: <1D5B431C-801E-4F8C-8026-6BCBB72FF478@sn3rd.com> <F9EB7388-9E76-43E0-8C9B-61D3E50357F7@mozilla.com> <CAOJ7v-38kH4peZVVJU8itve2P+93eGaVdJ60MVcaRo3Xu86uTQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/TxO_on7DO5KObibp0ezKkkvKN0s>
Subject: Re: [rtcweb] Nils comments [Was: WGLC for draft-ietf-rtcweb-ip-handling]

> On Apr 16, 2018, at 15:28, Justin Uberti <juberti@google.com> wrote:
> And lastly I think the discussions in the above bug reports have brought up the point that TURN relays might not be trustworthy either.
> I’m assuming it’s only a matter of time until some evil actors will provide fake TURN implementations to gather the browser’s routable IP from the TURN layer.
> Therefore I think it would make a lot more sense to specify two different modes:
> - Mode 4: Relay only: only TURN relay candidates are gathered.
> - Mode 5: HTTP proxy only: all WebRTC media traffic is forced through a HTTP proxy.
>                 If no HTTP proxy is configured no candidates are gathered.
> I realize that the process might have gotten already too far to follow this suggestion.
> 
> 
> How would relay-only help here? The web application can still learn the IP directly from the TURN servers.

At least no IP addresses from your local network are exposed on the signaling path.
Yes, if you don’t trust the TURN relay this is the same as Mode 3.
It might make a difference if one has a TURN relay configured in his/her browser (which results in the web browser ignoring the TURN relays from the web application), which is not part of the web application.

Best
  Nils Ohlmeier.
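The exchange above turns on what a web application can read out of the ICE candidates the browser hands it under each gathering policy. The following is an added example, not code from the thread or from any browser: it parses candidate attributes in the form an application receives them from `RTCPeerConnection.onicecandidate`, applies an `iceTransportPolicy` of `'all'` or `'relay'` (the relay-only behaviour discussed above), and lists which addresses reach the application and which of them identify the local network. The three sample candidate lines, the private LAN address and the STUN/TURN addresses are constructed for this example, and the sample assumes the browser fills in a real `raddr` on the relay candidate, which is implementation-dependent.

```javascript
'use strict';
// Added example (not from the rtcweb thread or any browser implementation).
// Parses ICE candidate attributes and reports which addresses a web
// application learns under a given iceTransportPolicy.

// Grammar (RFC 5245 section 15.1):
// candidate:<foundation> <component-id> <transport> <priority> <address> <port>
//   typ <host|srflx|prflx|relay> [raddr <addr> rport <port>] *(<ext-name> <ext-value>)
function parseCandidate(line) {
  let s = line.trim();
  if (s.startsWith('a=')) s = s.slice(2);
  if (!s.startsWith('candidate:')) throw new Error('not a candidate attribute: ' + line);
  const f = s.slice('candidate:'.length).split(/\s+/);
  if (f.length < 8 || f[6] !== 'typ') throw new Error('malformed candidate: ' + line);
  const cand = {
    foundation: f[0],
    component: Number(f[1]),
    transport: f[2].toLowerCase(),
    priority: Number(f[3]),
    address: f[4],
    port: Number(f[5]),
    type: f[7],
    raddr: null,
    rport: null,
  };
  // Remaining tokens are name/value pairs; only raddr/rport matter here.
  for (let i = 8; i + 1 < f.length; i += 2) {
    if (f[i] === 'raddr') cand.raddr = f[i + 1];
    else if (f[i] === 'rport') cand.rport = Number(f[i + 1]);
  }
  return cand;
}

// True for addresses that identify the user's local network rather than the
// public Internet: RFC 1918, link-local, loopback, IPv6 ULA and link-local.
function isLocalNetworkAddress(addr) {
  const a = addr.toLowerCase();
  if (a.includes(':')) {
    return a === '::1' || /^fe[89ab]/.test(a) || /^f[cd]/.test(a);
  }
  const m = a.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (!m) return false;
  const o1 = Number(m[1]);
  const o2 = Number(m[2]);
  return o1 === 10 || o1 === 127 ||
    (o1 === 172 && o2 >= 16 && o2 <= 31) ||
    (o1 === 192 && o2 === 168) ||
    (o1 === 169 && o2 === 254);
}

// Which candidates does the browser surface to the application?
// 'relay' mirrors new RTCPeerConnection({ iceTransportPolicy: 'relay', ... }):
// only TURN relay candidates are gathered, i.e. the relay-only mode above.
function filterByPolicy(cands, policy) {
  if (policy === 'all') return cands;
  if (policy === 'relay') return cands.filter((c) => c.type === 'relay');
  throw new Error('unknown policy: ' + policy);
}

// Every address the application can read from the surfaced candidates:
// the candidate address plus raddr when the browser fills it in.
// An unspecified raddr (0.0.0.0 or ::) carries no information and is skipped.
function addressesExposedToApp(lines, policy) {
  const out = new Set();
  for (const c of filterByPolicy(lines.map(parseCandidate), policy)) {
    out.add(c.address);
    if (c.raddr && c.raddr !== '0.0.0.0' && c.raddr !== '::') out.add(c.raddr);
  }
  return [...out];
}

function localAddressesExposedToApp(lines, policy) {
  return addressesExposedToApp(lines, policy).filter(isLocalNetworkAddress);
}

// Constructed sample: a host candidate on a private LAN, a server-reflexive
// candidate learned via STUN, and a relay candidate allocated on a TURN
// server. Addresses are documentation ranges chosen for this example.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.10 54321 typ host generation 0',
  'candidate:2 1 udp 1686052607 203.0.113.5 54321 typ srflx raddr 192.168.1.10 rport 54321 generation 0',
  'candidate:3 1 udp 41885439 198.51.100.7 49170 typ relay raddr 203.0.113.5 rport 54321 generation 0',
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const policy of ['all', 'relay']) {
    console.log(policy,
      'exposed:', addressesExposedToApp(SAMPLE_CANDIDATES, policy),
      'local:', localAddressesExposedToApp(SAMPLE_CANDIDATES, policy));
  }
}
```

With the sample input, policy `'all'` exposes the private address 192.168.1.10 to the application, while `'relay'` exposes only the relay's address and, if the browser reports it, the public server-reflexive address in `raddr`. This is the difference the reply draws: relay-only keeps local-network addresses off the signaling path, but the TURN server itself still sees the client's source address in the allocation request, so a relay operated by the web application (or an untrusted one) learns the routable IP regardless of policy.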