Re: [rtcweb] Please require user consent for data channels
Justin Uberti <juberti@google.com> Sat, 18 July 2015 00:20 UTC
Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40E471A0BE8 for <rtcweb@ietfa.amsl.com>; Fri, 17 Jul 2015 17:20:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.788
X-Spam-Level:
X-Spam-Status: No, score=-0.788 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_24=0.6, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PrPAZdi06DHG for <rtcweb@ietfa.amsl.com>; Fri, 17 Jul 2015 17:19:58 -0700 (PDT)
Received: from mail-ie0-x232.google.com (mail-ie0-x232.google.com [IPv6:2607:f8b0:4001:c03::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFAF21A0AC8 for <rtcweb@ietf.org>; Fri, 17 Jul 2015 17:19:58 -0700 (PDT)
Received: by iebmu5 with SMTP id mu5so87013104ieb.1 for <rtcweb@ietf.org>; Fri, 17 Jul 2015 17:19:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=WEaWtq8Yr4zrYFuHAbAlidR7y3W0MTqwOWKsuu3b1So=; b=IZA+mEdZVALQqa19QhHqbOy05pSkXecIV+RycWp/cnxBzCp1QHwm2OYS4oMbQ3ULdo joOGdOdK+fyyNpSjlomkv4eECc2odSRshyYwCaU3KqNfu12EosfVkYyH8WRekvvVi9PN HLPZWDUHyL6hxX2oSKtEONYriz0hfc1nliMa5OagX8th60r/kPYAfS6T7b71X5Uec7gc EdCoEQZ5w2Ire32ekp+qS9TYjcaKjgMXgCBhcWRo70SIYMA/TrqfWiLJ+quc+Rrrynkr gKwxUlFx/W5QUgRwPXmkecWzHxjDfRnqbNd3+fY6yih9TahFAgR6OEtR2+eW6vrJIBMg gVxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=WEaWtq8Yr4zrYFuHAbAlidR7y3W0MTqwOWKsuu3b1So=; b=RIhCAU7yOXx5sAqEvOVly67UKe45Ik324S0ZXsfiRPa3nDfpcIbrbcyRJRIsq7aPI2 ZPdQoqx4Hp6OEwcRsg6w3oKnFD8vlhDaUjCkbGKbORoIZUcOq9Y7/HS/DsWuhIy3G5FI MaX59Usj8XjwigqPKqmPRpfN1ARba2Ol09Qoo3SSRGWCfHQrLiFcp/QLryffdqFgMGTX K3ssicz+/rxyuPxPWWy3z+2tro4esZFRmJxRj19Dr4RyGHhXDuTCFFK9CcX/YH1RtJot WGsiJUkn92MOjdHBSzxMyPdrQpgENMVhTeQE9F8ZeUcI7yYbbC+5ZILDNPvRhm9OJ7LN JcdQ==
X-Gm-Message-State: ALoCoQnmBSLPKyqQNAb6yZqNwLS+lFz3uERq4tWv6dntB5TuuajwYKDY/uUwLFzgth8RPIzPlZWW
X-Received: by 10.50.7.104 with SMTP id i8mr193729iga.50.1437178798065; Fri, 17 Jul 2015 17:19:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.32.233 with HTTP; Fri, 17 Jul 2015 17:19:38 -0700 (PDT)
In-Reply-To: <55A99148.1040105@gmail.com>
References: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com> <CAOJ7v-0UBGtP0-atxP7X4OTj-H6Lost5o42aAS65mA6CEqcQsw@mail.gmail.com> <CA+65OsrhXHK+cRAFLCZFt+34vr8eRhj+CN3DgznUBfSwmWYggw@mail.gmail.com> <CAOJ7v-24VCW6kkn7LOLkqZzhYEU0r=nmd_F7Zns1rnyqKN6xAg@mail.gmail.com> <55A95364.2070806@gmail.com> <CAOJ7v-3t9BQabR2e4EHs4G0Sec4sU9DFC2aiSXXYrat+an+RYg@mail.gmail.com> <55A96DA3.1040907@gmail.com> <CAOJ7v-1ui7349NzK6NZNRHPbnHWZajctk4cDgMKqRZSv47EYdA@mail.gmail.com> <55A9860D.8030903@gmail.com> <CAOJ7v-3LGd32rnpFVW_U0s3+iVaJXsL4vt_YAo=cyp6YyOArdw@mail.gmail.com> <55A99148.1040105@gmail.com>
From: Justin Uberti <juberti@google.com>
Date: Fri, 17 Jul 2015 17:19:38 -0700
Message-ID: <CAOJ7v-1cB47793yH+-mWrdU9rNqX=+HadZpbRf3PezXspqLm1A@mail.gmail.com>
To: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Content-Type: multipart/alternative; boundary="089e01183ebcbcf6d0051b1b431a"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/aHVEf8d0T13r2pThpmld2gxgRsk>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Please require user consent for data channels
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jul 2015 00:20:00 -0000
On Fri, Jul 17, 2015 at 4:35 PM, Sergio Garcia Murillo < sergio.garcia.murillo@gmail.com> wrote: > On 18/07/2015 1:09, Justin Uberti wrote: > >> Next, the agent uses STUN or TURN to obtain additional candidates. >> These come in two flavors: translated addresses on the public side of >> a NAT (SERVER REFLEXIVE CANDIDATES) and addresses on TURN servers >> (RELAYED CANDIDATES). When TURN servers are utilized, both types of >> candidates are obtained from the TURN server. If only STUN servers >> are utilized, only server reflexive candidates are obtained from >> them. The relationship of these candidates to the host candidate is >> shown in Figure 2. In this figure, both types of candidates are >> discovered using TURN. In the figure, the notation X:x means IP >> address X and UDP port x. >> >> In this one is talking about getting server reflexive and relay >> candidates, but in no way I see that the stun server should be contacted by >> all the interfaces or overriding default routing from OS. >> >> It is pretty clear from the diagram on page 10 that for each host >> candidate X:x, the agent will gather a srflx candidate X1':x1' and relay >> candidate Y:y. This is also spelled out in the text underneath the diagram: >> >> When the agent sends the TURN Allocate request from IP address and >> port X:x, the NAT (assuming there is one) will create a binding >> X1':x1', mapping this server reflexive candidate to the host >> candidate X:x. >> >> Ergo, one tries to gather srflx and relay candidates for each host >> candidate X:x. >> > > Agree, for each HOST candidate, it should send a STUN request to the turn > server from that IP:port. But shouldn't the VPN configuration prevent the > non-VPN-host-candidate STUN request to be sent via the non-VPN-interface? > (i.e. applying default route based on dest?) > Replying to Sergio: Typically with a VPN, the non-VPN interface is locked down so it only has a single route: to the VPN server. However, split tunnel VPNs allow the non-VPN interface to route to other addresses (possibly, for performance reasons), so in this case, the non-VPN-host-candidate STUN request will be sent successfully from the non-VPN interface. Sometimes this will be desirable: imagine someone working from home who wants to connect to their corp VPN, but wants to have their video conferencing traffic not go through the VPN. Sometimes this will not be desirable, i.e. when the VPN is being used for privacy. This makes picking a perfect default setting difficult, although we have some ideas that we are exploring.
- [rtcweb] Please require user consent for data cha… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Lorenzo Miniero
- Re: [rtcweb] Please require user consent for data… Michael Tuexen
- Re: [rtcweb] Please require user consent for data… tim panton
- Re: [rtcweb] Please require user consent for data… Bernard Aboba
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Timothy B. Terriberry
- Re: [rtcweb] Please require user consent for data… Victor Pascual Avila
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Eric Rescorla
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Stephen Farrell
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tirumaleswar Reddy (tireddy)
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Jonathan Lennox
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Randell Jesup
- Re: [rtcweb] Please require user consent for data… Roman Shpount