IETF Logo Mail Archive

Re: [rtcweb] WGLC for draft-ietf-rtcweb-ip-handling

westhawk <thp@westhawk.co.uk> Sun, 01 April 2018 00:12 UTC

Return-Path: <thp@westhawk.co.uk>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F9B612711E for <rtcweb@ietfa.amsl.com>; Sat, 31 Mar 2018 17:12:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ptKDhhZ2L_iD for <rtcweb@ietfa.amsl.com>; Sat, 31 Mar 2018 17:12:17 -0700 (PDT)
Received: from smtp001.apm-internet.net (smtp001.apm-internet.net [85.119.248.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87261127078 for <rtcweb@ietf.org>; Sat, 31 Mar 2018 17:12:17 -0700 (PDT)
Received: (qmail 34313 invoked from network); 1 Apr 2018 00:12:15 -0000
X-APM-Authkey: 255286/0(159927/0) 3
Received: from unknown (HELO zimbra003.verygoodemail.com) (85.119.248.218) by smtp001.apm-internet.net with SMTP; 1 Apr 2018 00:12:15 -0000
Received: from localhost (localhost [127.0.0.1]) by zimbra003.verygoodemail.com (Postfix) with ESMTP id A947618A0AFD for <rtcweb@ietf.org>; Sun, 1 Apr 2018 01:12:15 +0100 (BST)
Received: from zimbra003.verygoodemail.com ([127.0.0.1]) by localhost (zimbra003.verygoodemail.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id oDx1150r8S8U for <rtcweb@ietf.org>; Sun, 1 Apr 2018 01:12:15 +0100 (BST)
Received: from [192.67.4.84] (unknown [192.67.4.84]) by zimbra003.verygoodemail.com (Postfix) with ESMTPSA id 7E4C618A040D for <rtcweb@ietf.org>; Sun, 1 Apr 2018 01:12:15 +0100 (BST)
From: westhawk <thp@westhawk.co.uk>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Date: Sun, 01 Apr 2018 01:12:14 +0100
References: <1D5B431C-801E-4F8C-8026-6BCBB72FF478@sn3rd.com> <63282b84-4493-3fcb-a95f-4afe17d96bb6@cs.tcd.ie> <CAOJ7v-1gTq+EEjb+-q-T-pABBW--rpNGegoj_d2_7f7AKGksCA@mail.gmail.com> <403713b4-31d4-9085-d639-d3f60935ed5a@cs.tcd.ie> <CAOJ7v-0ED-FK=JmSxBJYfM=PCdgY6kmbiq6aFLcP7OXugG07EA@mail.gmail.com> <e6938f7d-542d-736b-0a3d-9269d7dd06e5@cs.tcd.ie> <CAOW+2dv1ORz2tEkgDTvdM1DtgyOdgXqKU30T4QhLAp1NT+rirg@mail.gmail.com> <CAOJ7v-0tCcg3FdzyfSJ6Y3JaH-TivFf-Sey6+tD8BANJKsjqtQ@mail.gmail.com> <1fceb3c4-35f3-34f7-de1d-79d5805e6d22@gmail.com> <9517D601-D3E8-46E1-94E5-7EC29FD6319B@sn3rd.com> <b5d323ac-2205-2aee-05c9-f270e80215f5@gmail.com> <CAOJ7v-0+hr-NddbLCwgjkfyEFEzoLYW8BcE5OYZ+HUiqDRnarg@mail.gmail.com> <0dee004d-159a-a9be-a0b8-ecbfd4204d72@gmail.com>
To: RTCWeb IETF <rtcweb@ietf.org>
In-Reply-To: <0dee004d-159a-a9be-a0b8-ecbfd4204d72@gmail.com>
Message-Id: <03D3C806-B93F-4CD0-B57B-507B07E869A0@westhawk.co.uk>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/bm--cuZky1-icTRhpLCnHcwrLbI>
Subject: Re: [rtcweb] WGLC for draft-ietf-rtcweb-ip-handling
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Apr 2018 00:12:20 -0000

GuM permission is the wrong trust measure here.

So for example, If I use webRTC to get a realtime feed from a webcam/ baby monitor
then I won’t use GuM, all my recv_only video traffic will go via a TURN server
even if I’m on the same Wifi ?

Likewise if I use webRTC DC to control my lighting, I get extra latency because
I don’t need GuM?

(Both of these are real projects).

My current workaround is to use the camera to scan a QR and piggyback off
that permission. (Which is crazy).

The IP address reveal is unrelated to the UserMedia.
It is a ‘Trust/location' issue.

Also - if GuM permission was granted for this origin, does this mean that 
subsequent page loads that _don’t_ request GuM don’t get local candidates
even if they would get GuM if they asked for it?
(i.e. if I’ve once scanned a QR on this domain, do I always reveal my local/public IPs?)

Try explaining the logic of any of that to anyone outside this group….

Tim.

> On 1 Apr 2018, at 00:47, Lennart Grahl <lennart.grahl@gmail.com> wrote:
> 
> On 01.04.2018 00:26, Justin Uberti wrote:
>> As stated before, this is not a problem unique to web browsers. That is, by
>> installing a mobile application, you implicitly allow it to use all of your
>> network interfaces. As such, trying to design browser mechanisms for
>> networking consent seems like misdirected effort.
> 
> First of all, that comparison doesn't really work for me since an app is
> much less of a sandbox. So, I personally do not trust arbitrary websites
> but I do trust apps that I install (or I just don't install them, or I
> partially trust them and revoke some of the permissions they have).
> 
> It's all about expectations: WebRTC networking is special - it does
> networking entirely different to what people were accustomed to in
> browsers. Which is probably why people are so irritated when they learn
> that it leaks IPs even though they've set a proxy or a VPN. And along
> with the argument that gUM just does not work for a bunch of use cases,
> that is the rationale for my suggestion towards a networking "consent"
> mechanism. With that mechanism in place the user has a voice, we cover
> more use cases, browsers can ship stricter modes by default without
> breaking everything we love about peer-to-peer connections and privacy
> extensions might consider dropping WebRTC from their blacklist. I
> honestly do not see this as being terribly misguided.
> 
>> Perhaps the key issue here is the word 'consent'. If we replaced this with
>> some notion of 'trust', i.e., that the user has specifically engaged with
>> this app with the intent of having a communications session, maybe that
>> provides a way out, as one can easily claim that installed mobile
>> applications and web apps with gUM rights are 'trusted'.
> 
> I'm sorry but I don't really see the difference. gUM requests a
> permission to access your camera and your microphone and then assumes
> you're "trusting" the page for something different as well.
> 
>> 
>> On Sat, Mar 31, 2018 at 3:18 AM Lennart Grahl <lennart.grahl@gmail.com>
>> wrote:
>> 
>>> I really don't have a good suggestion other than being completely
>>> honest: "Hey user, I want to establish a direct connection - is that
>>> okay for you? Oh, and here is a help page that will tell you what impact
>>> this may have on your privacy..."
>>> 
>>> These permission requests don't have to be mutually exclusive either.
>>> The above request could also be embedded inside the permission request
>>> for getUserMedia to avoid multiple requests:
>>> 
>>> Camera to share:
>>> [WebCam 3000 |v]
>>> :WebCam 3000   :
>>> :WebCam 4000   :
>>> 
>>> Direct connection: (?) <-- "help" button
>>> [No (Default)                    |v]
>>> :Yes                               :
>>> :Yes, but hide private addresses   :
>>> :No (Default)                      :
>>> :No, and force using a proxy       :
>>> 
>>> [x] Remember the decision for this page
>>> 
>>> [Don't allow] [Allow]
>>> 
>>> Cheers
>>> Lennart
>>> 
>>> On 31.03.2018 00:12, Sean Turner wrote:
>>>> 
>>>> 
>>>>> On Mar 29, 2018, at 23:48, Lennart Grahl <lennart.grahl@gmail.com>
>>> wrote:
>>>>> 
>>>>> I'm fine with the modes, I don't have a strong opinion on whether or not
>>>>> an IETF document should include some form of "consent". But I do have a
>>>>> problem with the suggestion to use getUserMedia. Can we maybe remove it?
>>>> 
>>>> As the draft shepherd, I’m trying to figure out how to draw this WGLC to
>>> a close all in the hopes that we can help each other get this RTCweb WG
>>> ship docked.
>>>> 
>>>> As far as dropping the getUserMedia suggestion, I’m a little hesitant to
>>> just drop it at this late date.  That suggestion has been in the draft
>>> since October 2016 and it’s stood the test of a couple of WG reviews; not
>>> last calls mind you but there’s been plenty of time for folks to say get
>>> that outta there.  And technically, it’s just a suggestion with no
>>> normative language.  So … maybe a happy middle ground is to have another
>>> suggestion so that there’s more than one potential mechanism?
>>>> 
>>>> spt
>>>> 
>>> 
>> 
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email