IETF Logo Mail Archive

Re: [rtcweb] Review of draft-ietf-rtcweb-mdns-ice-candidates

Lennart Grahl <lennart.grahl@gmail.com> Thu, 20 September 2018 08:18 UTC

Return-Path: <lennart.grahl@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FD3F130E3C for <rtcweb@ietfa.amsl.com>; Thu, 20 Sep 2018 01:18:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s8DSwELz4_4m for <rtcweb@ietfa.amsl.com>; Thu, 20 Sep 2018 01:18:22 -0700 (PDT)
Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86DCD124C04 for <rtcweb@ietf.org>; Thu, 20 Sep 2018 01:18:22 -0700 (PDT)
Received: by mail-ed1-x535.google.com with SMTP id p52-v6so7065929eda.12 for <rtcweb@ietf.org>; Thu, 20 Sep 2018 01:18:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=e5/xrssmHDPOF9a0pHxcKKtfK0Ayb7bPoDPJvrvMUdQ=; b=Bnngcm+HnRmcHYkcEhUnzQiW3kM0kKmhWUW32r3OVG3VH+cIKmp+2qeflxLPe4OXFj 1c25v1CbujofExHQ1Tc0iCnAKJqULZWY61+vhKn2x618us+0lr8sRMSids2u0gN7wyoq SVlUQOr6ch+SEiYPJ/L3ry4VBRgXWWj7cCcrb2Cq009rgCQ7znZMdBLKniVeTUc5wtpF 1isVmphkdQH264WU9Gz+Hvdxj8unkOB+jS6KYazrA+BZ6qHJErIoz7Se7bx2lzBqKOa2 2bvAJzS99TiCgD2szEthO+secWp2RNQXBYeK0t9wIjFTnQ5YCUfO/7RA7K1mH0Eo3Dzf hCdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=e5/xrssmHDPOF9a0pHxcKKtfK0Ayb7bPoDPJvrvMUdQ=; b=ehwA/j82vkYIiyieK3q9MufKw857CrFq472XZpLNf2LCU7ZSiGziYntE+ZMkQ72pAo MGRrjOidYPgWJHmkzfGK4P9HeF94C4VelJvJVjRu9CpVt0/Amy2JxfYDMobFLRa9qBcm WrglIky8Hhdby+FfyBxN2YHMtzPjdrmRbq6zPM+lVDSOhePoII3MVvHr3apjkK5pO4zb lSmAMGip8C4K9KCbr0Hka7VKw50G9e+/ASapzml+D9oN2m5JEEv0vR407m5JkzkWONpm 9ahoGyJzHa+Vq/wTlTy3vGOdBOGTIFOub4dw95Rr+c6ulBJ3HfyqE9hcxGgludv7hWus WQiQ==
X-Gm-Message-State: APzg51Byk11KYyDJPOl5doBmHGnRlUdadYVOkq/bTpy6aNPtt8iQvQra 4XqgdBGrdyNt4byASQc+9JhBS41H
X-Google-Smtp-Source: ANB0VdYXVmIISFXgp9KdAYgV1grewK0EDOiYWo9zhAbCkKG/vCE37/LBuAIeB1hUHbj9MKROb99lAQ==
X-Received: by 2002:a50:d75d:: with SMTP id i29-v6mr2778049edj.17.1537431500751; Thu, 20 Sep 2018 01:18:20 -0700 (PDT)
Received: from [192.168.11.149] ([185.41.76.142]) by smtp.gmail.com with ESMTPSA id h3-v6sm925764ede.42.2018.09.20.01.18.20 for <rtcweb@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Sep 2018 01:18:20 -0700 (PDT)
To: rtcweb@ietf.org
References: <CAOW+2dtkNjzS0DkD37SD=POtC2Nd6Xe=upyjvVoyBnnMw7qwbQ@mail.gmail.com> <CANN+akb1S=eJNhSOT-e6R1yn_u20nuZNwDFEK7S90ksJ3wt95A@mail.gmail.com>
From: Lennart Grahl <lennart.grahl@gmail.com>
Openpgp: preference=signencrypt
Autocrypt: addr=lennart.grahl@gmail.com; keydata= xsBNBFMHjy4BCADZR/nHk6jzDsEA2+dPG13NiXyBl34TtChDsZekZyO5jBgwslLgHVksQxlS 79n1lvVH0MxcI8SFifwLAAIjMfukNLGPAjEyJEQhQVpfXxkJXyZgncM2Wq+nlVCDZTiZLg/E 6jJP1zx9vB7sf5dWaB/Dt0YDHLM86EcDChQur9lrJk9K0Jiwt27Oo3B4FFfIOaVNUXgnRPbr Vw1/+O2jLg87Fsib9LP7Ghyv0Z2/VV7wJ4NLsLmIu60vcZVDYDOvcQRH4FZ76VBvlmlO+2TL 5L6yZLGgXS9GZyF3QXKAwhYqu5ouWEOUgXHch5deryjbENanimj4ntZQmF1nkxSZayk9ABEB AAHNJ0xlbm5hcnQgR3JhaGwgPGxlbm5hcnQuZ3JhaGxAZ21haWwuY29tPsLAfwQTAQIAKQUC UwePLgIbIwUJCWYBgAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEPmPvtEEgqumkk0H /2dMGPa9VmgR0kmr2inGODWuCy4WXNUxeEMfY/Hob/8Ou50os6iK35TQI9WtvvlAq23aIvoJ +1OjnqekgKmavPoQ0Uf1h2LegiQNKpDGC6/S33SLitQoQyELyJCU5Ato9lIL0AzpLvr+8UaF plWbPB4Z0GfZGBQSyp0Dmdeb00sld378m9qXHByJfHjPGiDFY+el1talbCuxS87+SvwIvM05 5m1/ceJbZDjx3trvgzbSQOHMT82/Hva7cSyVAch7mJc/lIq2Q0hjoZlD9nqS6gVJ9PQnEW8z dAXXVvBoy9DtomH18jimq+xUxeBwiFRB64gZx3Yyo1CKgULzeWaQ/qfOwE0EUwePLgEIAKP+ Dw5Ow5QuITKcI+ooXZAOBCBOitdsAGrGAEORjv1VyYU1jvjNb07UlRWmpjtaZsQoC2DwfEJy OaBphhErkOVEHCvetfBq8aJ718on4A49XwyQZeyh521BvLQUj0VY5D1iTYzgNVr4Ic39duH/ 00b489Wf9sM7TwzONJOCR5pSKUzYfGUIfQIJRc4tbzOM+bzSknLwbYAWRraOstbRjf2+V3pf 46mzv8tteLnsMm91qshFUwiBfeMNZiKAM3eid80ghlEbQo5J07FOrqK1GxqMi8LQT/oA5lpu +BB6UzGP5nQ5fip95zAq3vu+Iasz1DWj6F1HkHDEHfdtVpTAN70AEQEAAcLAZQQYAQIADwUC UwePLgIbDAUJCWYBgAAKCRD5j77RBIKrpihiCACQq7ARCPSzDrtUcq3uTdP+fMHp8YCYD4UD fdt3vcw4a5JESaknUcWi7CbQrdcLT7iIFYa3pk5I8w4n2lH29uUTWwt9boDtdYkBY5a4Rg+m Z9ndsLh0fHdZM6BXv/6gWMMdGbV5+xcV0FDcXZIlHLZIriDgeZQR3cDEa9lFWUYrI9KKmdoq ngaND7jPZaMCyvn9VDOAGBWxg49gQV/x1d+DiIyMbF9J+ya4YqaSZtu2y/H03eVCawmI6SMH UzdOo+Yqen3Udcdur0KnWMUOP3FIdjgxaPoIEKfFTBy7n8rlzrrTzyrv5Gouusxj0JHMwvuh ixK1bmVy/XYqoG0TVwBt
Message-ID: <b890dedd-9f32-890f-3719-5c0c8ffa8345@gmail.com>
Date: Thu, 20 Sep 2018 10:19:24 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0
MIME-Version: 1.0
In-Reply-To: <CANN+akb1S=eJNhSOT-e6R1yn_u20nuZNwDFEK7S90ksJ3wt95A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-GB
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/bz5wLFH4EhuQ_j11gU_8kulV0YQ>
Subject: Re: [rtcweb] Review of draft-ietf-rtcweb-mdns-ice-candidates
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Sep 2018 08:18:24 -0000

On 14.09.18 19:44, youenn fablet wrote:
> Agreed that this proposal does not solve all cases.
> But it does so in a number of cases like home/small office scenarios.
>
> [...]
>> In general, I do not think there is a guarantee to successfully connect
> without sometimes relying on TURN servers.
> This proposal and other solutions should allow reducing the need to use
> TURN.

The problem I see is that the document deteriorates the default
situation while it only levels it out for home/small office scenarios.
For the majority of implementations (which use mode 2 by default) the
host-to-host connections will less likely succeed than previously.

> Describing precisely the problematic scenarios is useful as we can find
> additional means specific to those scenarios.
> For instance, can it be envisioned to deploy STUN servers inside the user
> network for the financial applications/branch offices scenarios you are
> mentioning?

Perhaps its feasible for those use cases where the administrator is
already aware of the software but definitely not for small applications
such as sharedrop.io, Threema Web whose main use case is the direct
connection in same network environments and its significant benefits
regarding throughput.

Cheers
Lennart

> 
> Le ven. 14 sept. 2018 à 00:10, Bernard Aboba <bernard.aboba@gmail.com> a
> écrit :
> 
>> While I understand the overall goal of this document,  it strikes me as
>> suffering from two major problems:
>>
>> a. Introduction of backwards compatibility problems and potential
>> additional delays due to utilization of name resolution mechanisms in ICE,
>> with a corresponding benefit (successful connectivity checks between host
>> candidates on the same network) which is only a marginal improvement over
>> mode 3 (no host candidates).
>>
>> b. Over-reliance on permission mechanisms which have already been
>> stretched to the breaking point, leaving the potential for collateral
>> damage in data channel-only scenarios. Due to limitations in the current
>> permissions mechanisms, it is not currently practically impossible to
>> distinguish legitimate data channel applications that would obtain
>> permissions if there were usable means to do so from illegitimate
>> applications attempting to compromise user privacy.
>>
>> Data-channel only scenarios that would be impacted include those where:
>>
>> 1. Permissions cannot be obtained (e.g. where there is no microphone or
>> camera attached to the device so that getUserMedia will always fail).
>>
>> 2. Low latency communications is a requirement so that TURN server
>> traversal is unacceptable (e.g. in financial applications where there may
>> be regulatory requirements relating to allowable delays).
>>
>> 3. TURN traversal would impose an unacceptable financial cost, such as in
>> branch office scenarios where a TURN servers is not provided in each branch
>> office, and branch office connectivity may be constrained (still an issue
>> for branch offices located on other continents).
>>
>> Essentially, the problem is that these scenarios may have valid reasons
>> why they cannot utilize or do not wish to utilize getUserMedia as a
>> permission-granting mechanism.

v2.23.0 | Report a Bug | By Email