Re: [rtcweb] Please require user consent for data channels

Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Fri, 17 July 2015 23:35 UTC

To: Justin Uberti <juberti@google.com>
References: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com> <CAOJ7v-0UBGtP0-atxP7X4OTj-H6Lost5o42aAS65mA6CEqcQsw@mail.gmail.com> <CA+65OsrhXHK+cRAFLCZFt+34vr8eRhj+CN3DgznUBfSwmWYggw@mail.gmail.com> <CAOJ7v-24VCW6kkn7LOLkqZzhYEU0r=nmd_F7Zns1rnyqKN6xAg@mail.gmail.com> <55A95364.2070806@gmail.com> <CAOJ7v-3t9BQabR2e4EHs4G0Sec4sU9DFC2aiSXXYrat+an+RYg@mail.gmail.com> <55A96DA3.1040907@gmail.com> <CAOJ7v-1ui7349NzK6NZNRHPbnHWZajctk4cDgMKqRZSv47EYdA@mail.gmail.com> <55A9860D.8030903@gmail.com> <CAOJ7v-3LGd32rnpFVW_U0s3+iVaJXsL4vt_YAo=cyp6YyOArdw@mail.gmail.com>
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Message-ID: <55A99148.1040105@gmail.com>
Date: Sat, 18 Jul 2015 01:35:36 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <CAOJ7v-3LGd32rnpFVW_U0s3+iVaJXsL4vt_YAo=cyp6YyOArdw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/X27FFeiFlWhZv3Z06ZoenwA4o4I>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Please require user consent for data channels

On 18/07/2015 1:09, Justin Uberti wrote:
>     Next, the agent uses STUN or TURN to obtain additional candidates.
>     These come in two flavors: translated addresses on the public side of
>     a NAT (SERVER REFLEXIVE CANDIDATES) and addresses on TURN servers
>     (RELAYED CANDIDATES).  When TURN servers are utilized, both types of
>     candidates are obtained from the TURN server.  If only STUN servers
>     are utilized, only server reflexive candidates are obtained from
>     them.  The relationship of these candidates to the host candidate is
>     shown in Figure 2.  In this figure, both types of candidates are
>     discovered using TURN.  In the figure, the notation X:x means IP
>     address X and UDP port x.
>
> In this one it is talking about getting server reflexive and relay candidates, but in no way do I see that the STUN server should be contacted by all the interfaces, or that the default routing from the OS should be overridden.
>
> It is pretty clear from the diagram on page 10 that for each host 
> candidate X:x, the agent will gather a srflx candidate X1':x1' and 
> relay candidate Y:y. This is also spelled out in the text underneath 
> the diagram:
>
>    When the agent sends the TURN Allocate request from IP address and
>    port X:x, the NAT (assuming there is one) will create a binding
>    X1':x1', mapping this server reflexive candidate to the host
>    candidate X:x.
>
> Ergo, one tries to gather srflx and relay candidates for each host 
> candidate X:x.

Agree, for each HOST candidate it should send a STUN request to the 
TURN server from that IP:port. But shouldn't the VPN configuration 
prevent the non-VPN host candidate's STUN request from being sent via the 
non-VPN interface? (i.e. applying the default route based on destination?)

Best regards
Sergio
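An added example, not part of the thread, showing how a defender can answer the question above from the gathered candidates themselves rather than from the routing table: each srflx/relay candidate's raddr/rport walks back to the host candidate X:x it was gathered from (RFC 5245 figure 2), so a non-VPN base means the STUN/TURN request left via a non-VPN interface. The SDP lines and the VPN range 10.8.0.0/24 are constructed.

```python
import ipaddress
import re
from collections import namedtuple

# Reduced RFC 5245 candidate-attribute grammar: only the fields this audit needs.
_CAND = re.compile(r"candidate:\S+ \d+ \S+ \d+ (?P<addr>\S+) (?P<port>\d+) typ (?P<typ>\w+)"
                   r"(?: raddr (?P<raddr>\S+) rport (?P<rport>\d+))?")

# typ is host | srflx | prflx | relay; raddr/rport is the related address of
# RFC 5245 section 15.1 (None when absent, as on host candidates).
Candidate = namedtuple("Candidate", "addr port typ raddr rport")

def parse_candidates(sdp):
    return [Candidate(m["addr"], int(m["port"]), m["typ"], m["raddr"],
                      int(m["rport"]) if m["rport"] else None) for m in _CAND.finditer(sdp)]

def host_base(c, cands):
    """Follow raddr/rport back to the host candidate X:x (None if the chain is broken).
    srflx -> host base in one hop; relay -> srflx mapped address -> host in two (s15.1)."""
    by_addr = {(k.addr, k.port): k for k in cands}
    seen = set()
    while c.typ != "host":
        key = (c.raddr, c.rport)
        if c.raddr is None or key in seen or key not in by_addr:
            return None
        seen.add(key)
        c = by_addr[key]
    return c

def non_vpn_gatherings(sdp, vpn_nets):
    """'host X:x -> typ addr:port' for each srflx/relay candidate whose host base X lies
    outside the VPN ranges, i.e. a STUN/TURN request that left via a non-VPN interface."""
    nets = [ipaddress.ip_network(n) for n in vpn_nets]
    cands = parse_candidates(sdp)
    out = []
    for c in (x for x in cands if x.typ in ("srflx", "relay")):
        base = host_base(c, cands)
        if base and not any(ipaddress.ip_address(base.addr) in n for n in nets):
            out.append(f"host {base.addr}:{base.port} -> {c.typ} {c.addr}:{c.port}")
    return out

# Constructed sample: VPN host 10.8.0.5 and LAN host 192.168.1.10, each with a srflx;
# the relay's raddr is the LAN host's srflx mapped address, as RFC 5245 specifies.
SAMPLE_SDP = """a=candidate:1 1 udp 2130706431 10.8.0.5 50000 typ host
a=candidate:2 1 udp 2130706431 192.168.1.10 50001 typ host
a=candidate:3 1 udp 1694498815 203.0.113.7 61000 typ srflx raddr 10.8.0.5 rport 50000
a=candidate:4 1 udp 1694498815 198.51.100.23 61001 typ srflx raddr 192.168.1.10 rport 50001
a=candidate:5 1 udp 16777215 192.0.2.9 40000 typ relay raddr 198.51.100.23 rport 61001"""

LEAKS = non_vpn_gatherings(SAMPLE_SDP, ["10.8.0.0/24"])  # two entries, both from 192.168.1.10
```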