Re: [rtcweb] Please require user consent for data channels

[Roman Shpount <roman@telurix.com>]

On Fri, Jul 17, 2015 at 9:31 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On Jul 17, 2015 5:01 PM, "Iñaki Baz Castillo" <ibc@aliax.net> wrote:
> >
> > The point is that you don't even choose the interface. The OS will do
> for you.
>
> The OS can - and frequently does - get that wrong. The default route can
> fail when another might succeed.
>
> You can't allow that to happen if you care about connecting successfully.
>
Sending data to a particular destination over an interface that is not
supposed to be used based on the local routing is definitely something that
goes against the local policy and should be discouraged. For instance on a
mobile device, not being able to reach a particular STUN/TURN server over
WiFi, should not give the browser an automatic permission to send media
over cell data interface and generate a huge bill for the customer.
Forcibly overwriting default route is something that should need user
consent. I understand that we want the call to succeed in as many cases as
possible, but blindly assuming that the local routing policy exists for no
reason whatsoever is somewhat dangerous.

Would it make sense to use the default route when sending BIND requests to
the STUN/TURN server and ICE connectivity checks? All the host interfaces,
including non-default, should, of cause, be included as targets for remote
connectivity checks. An extra option should enable using non-default
interfaces to send ICE requests and it should only be enabled if user
explicitly agrees to it. Vast majority of users will never need it anyway.

Regards,
_____________
Roman Shpount