IETF Logo Mail Archive

Re: [rtcweb] WGLC for draft-ietf-rtcweb-ip-handling

Justin Uberti <juberti@google.com> Fri, 20 April 2018 17:41 UTC

Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC771127137 for <rtcweb@ietfa.amsl.com>; Fri, 20 Apr 2018 10:41:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dbh92uDBQJCX for <rtcweb@ietfa.amsl.com>; Fri, 20 Apr 2018 10:41:08 -0700 (PDT)
Received: from mail-ua0-x22d.google.com (mail-ua0-x22d.google.com [IPv6:2607:f8b0:400c:c08::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 937E612D87F for <rtcweb@ietf.org>; Fri, 20 Apr 2018 10:41:08 -0700 (PDT)
Received: by mail-ua0-x22d.google.com with SMTP id j18so6205833uae.12 for <rtcweb@ietf.org>; Fri, 20 Apr 2018 10:41:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KCDoLMB0Mkp8aWU5aFC7ekxCQl9gCBhUSmL6O8xrH8U=; b=j9c80ZIOVCN8VNdabtohxvBUocd6+DIxwTaVRtaekAp2h2+mfGI3Uv2M7X6EbZWtCH lKbZj7u3GDbE1dRtSeHZf782wn4WRs77IYK7vd3QGCArNvm4LDiUfo33zSk4NYFjZ6P3 bPZ+qvp4D1AVecZYWs47cojpN3cCXzqNNLdLccbWZa4KjlZ7jwbNvYoaxMDAW+MgOOx4 365qwaWNn9MV33zlKqweHMo92xpDXXKPZ6klqhOmVxH3gcv8LuocWXhRiFCjXiIdrd7q LL1T+rN8GShzLn7Jm0VK9YSui8tjJk+/gMfGsIlTgnHusbRl9sCKCo9sNTgX7A3ydsgs brsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KCDoLMB0Mkp8aWU5aFC7ekxCQl9gCBhUSmL6O8xrH8U=; b=ejd6QelDWRd+kKCDuYBoX9qs1sS2bj2JM5jn+G4zTOoYK72Y5vOPmUp5w8RAgCjS9c X/oyLpMqgB6h+xA5/+sEsloUwONS3sQKjjJvPuenic5jgwDqY7s0PUfm4aai3noWJNrn +aYE+DqDp7JY7u0erceZM+ArihHhCdvyUCS2p/HneUmnYQyEStGkhmpGMnY8xdde4Fn1 khiDgSJ1P5orMjleGxo8nRCRrvwGXFq8ZLs44BL5YVHMgU0lBxnwESs/9IVfQt6QYYN/ wVVB9TMDZdenw0gKqkBEkY1Eb2YEMepC8LP/mF0s8QnQwOqRFfiZzNVS18q4yRwveQRB BfFQ==
X-Gm-Message-State: ALQs6tCcK+YEnxiQDy88dwlIqE97Wy8YjUYDVXkNErK1iPSnZqJRhGNt dH41EBzq8r7Hm8rGQ6Z2kpsvByVlbY2Gw8heaXjzCg==
X-Google-Smtp-Source: AIpwx49Prli09TEM5mjY5AwkprayyLPL0CFJ5p+Pk/cUvdGtWF1YTswGJWTE3+qpkrfSjBA3Ppk+NrY5Ka23TpaqzUI=
X-Received: by 10.159.41.99 with SMTP id t90mr8589584uat.127.1524246067186; Fri, 20 Apr 2018 10:41:07 -0700 (PDT)
MIME-Version: 1.0
References: <1D5B431C-801E-4F8C-8026-6BCBB72FF478@sn3rd.com> <CAOJ7v-3NsqD6pq-kkMw81+2n_D8qf558CKeCE76ZypyxwCgs9g@mail.gmail.com> <CAOJ7v-2NJ1vhVUerZ1cn8MP9hD_vgAYBurjeQKMx76Aa_U=n=Q@mail.gmail.com> <A8B32C11-30BD-4DA8-9BAB-FA26747BFF66@westhawk.co.uk> <CAOJ7v-0VNCjGdhtz56jwwksBcfPk=9wuxfMgwi8mq7ViFyWpuw@mail.gmail.com> <DDEE408B-B49E-465E-B17B-C2813AF4F2F4@westhawk.co.uk> <CAOJ7v-26f1hrujtegK6_U50E0MZPy5zmf0yDUWBY5oqrKQmGQg@mail.gmail.com> <CAOJ7v-2fn-SdR2VUbVVHbMB-_Rw9gV0nsRnc2Ace+682LBJBag@mail.gmail.com> <7E9CBD87-6C00-4CF8-AEDE-D2AEFC3213FA@westhawk.co.uk> <CAOJ7v-1sHcm46BCttHMNA4gjUTL98RwBRm-H1HGpF7Bwx2ceGA@mail.gmail.com> <03257894-7D79-463D-BC3A-5B388680A3E7@sn3rd.com> <CAOJ7v-3ycQH4Ho9OJsuYRR3M4GwsPGGkHzx=E0hKbFObSjRxkw@mail.gmail.com> <C06A6EB6-5CD2-4F33-8495-4CC42FFF169B@mozilla.com> <CAOJ7v-1YC9BEtYXLDAjDVaWBT1odawV39+4NTBmc0RG9pMF06g@mail.gmail.com> <a9520cb1-4d63-5ffa-c01f-0bf8c13826a6@gmail.com> <CAOJ7v-3HBRjiRdfx=2ZWPJ=NjZdcWKFjTtEjAM0qMr6q5j207A@mail.gmail.com> <e934abaf-ef1e-027f-8d7c-cc594ddc6ead@gmail.com> <0B04D27C-316A-41D2-91B9-01CD2A784D68@sn3rd.com> <CAOJ7v-011W2E8adjS1p0q6ctH+9O_Gpoa9sBUckBPFMVh-RUUg@mail.gmail.com> <8F091C3B-D150-4196-85DB-B5C42AD6E4F0@mozilla.com>
In-Reply-To: <8F091C3B-D150-4196-85DB-B5C42AD6E4F0@mozilla.com>
From: Justin Uberti <juberti@google.com>
Date: Fri, 20 Apr 2018 17:40:54 +0000
Message-ID: <CAOJ7v-3w4riDhuK6=mPP83fvxmTYQdNWExtDLsi5d1TcpU1GcA@mail.gmail.com>
To: Nils Ohlmeier <nohlmeier@mozilla.com>
Cc: juberti=40google.com@dmarc.ietf.org, RTCWeb IETF <rtcweb@ietf.org>
Content-Type: multipart/alternative; boundary="001a114dfb38636805056a4b31fe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/dZ_XFFjYyVdIge-qLQd-VLXb-Rc>
Subject: Re: [rtcweb] WGLC for draft-ietf-rtcweb-ip-handling
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Apr 2018 17:41:12 -0000

On Fri, Apr 20, 2018 at 10:18 AM Nils Ohlmeier <nohlmeier@mozilla.com>
wrote:

>
> On Apr 20, 2018, at 07:48, Justin Uberti <
> juberti=40google.com@dmarc.ietf.org> wrote:
>
> Small PR for improved text:
> https://github.com/juberti/draughts/pull/100/files
>
>
> I think this helps.
>
> I guess that the implementation is suppose to fall back to mode 3 (vs not
> work at all) derives from the “This is the same as Mode 3,…” part?
>

Correct.


> The only option which comes to my mind to make this more explicit would be
> to add another sentence like “If the applications HTTP traffic is not
> proxied it should fall back to Mode 3”.
>

I thought about this but decided just to clarify the sentence where it
refers to Mode 3, since adding an explicit sentence felt like belaboring
the point. If you still feel this is unclear I could be convinced.

>
>   Nils
>
> On Fri, Apr 20, 2018 at 5:50 AM Sean Turner <sean@sn3rd.com> wrote:
>
>> I’m going to go ahead and push this draft towards Adam (our AD) and we’ll
>> treat this as an IETF LC comment to get fixed up before the IESG telechat
>> (i.e., Justin just throw a PR in for whatever change, but there’s no need
>> to spin a new version).
>>
>> spt
>>
>> > On Apr 19, 2018, at 21:10, Lennart Grahl <lennart.grahl@gmail.com
>> <lennart..grahl@gmail.com>> wrote:
>> >
>> > On 20.04.2018 02:02, Justin Uberti wrote:
>> >> On Thu, Apr 19, 2018 at 4:41 PM Lennart Grahl <lennart.grahl@gmail.com
>> >
>> >> wrote:
>> >>
>> >>> On 20.04.2018 01:29, Justin Uberti wrote:
>> >>>> On Thu, Apr 19, 2018 at 9:22 AM Nils Ohlmeier <nohlmeier@mozilla.com
>> >
>> >>> wrote:
>> >>>>
>> >>>>> While I understand the arguments against adding more mode I still
>> think
>> >>>>> the paragraph describing Mode 4 is missing details and causes
>> confusion
>> >>>>> among implementers:
>> >>>>>
>> >>>>> - It is not clear if the word “proxy” refers to a HTTP proxy or a
>> TURN
>> >>>>> server.
>> >>>>>
>> >>>>> This can easily be improved by replacing the word “proxy” with “HTTP
>> >>>>> proxy” everywhere in the Mode 4 paragraph.
>> >>>>>
>> >>>>
>> >>>> The proxy doesn't need to be a HTTP proxy; it could be a SOCKS or
>> RETURN
>> >>>> proxy (SOCKS is specifically noted in the para).
>> >>>>
>> >>>>>
>> >>>>> - It is unclear how an implementation should behave in the absence
>> of
>> >>> such
>> >>>>> a proxy.
>> >>>>>
>> >>>>> I would suggest to add a sentence the implementation should not
>> hand out
>> >>>>> any candidates in the absence of a HTTP proxy.
>> >>>>>
>> >>>>
>> >>>> This is a fair point. However, my take is that the behavior should
>> be the
>> >>>> same as Mode 3 in this case, as the web server already sees the
>> client
>> >>> IP.
>> >>>> I could add a sentence to make this super clear.
>> >>>
>> >>> The web server, yes. But not the other peer. I don't think we can
>> assume
>> >>> trust towards the web server equals trust towards the other peer. I
>> >>> would agree with Nils that it shouldn't hand out any candidates in
>> this
>> >>> case.
>> >>>
>> >>
>> >> This is not unique to Mode 4.
>> >>
>> >> This scenario is discussed in detail in
>> >>
>> https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-14#section-5.4
>> ;
>> >> I don't think it needs special mention in this doc.
>> >
>> > Still, I see no possibility for the user to voice it's opinion in this
>> > matter. However, that may simply be an issue for the browser vendors to
>> > resolve (by providing additional browser settings - I think at least
>> > Firefox does that already).
>> >
>> > Then it probably should be clarified because if I'm not mistaken Chrome
>> > gets it wrong, too (no proxy = no candidates). Unless that fourth mode
>> > does not actually map to mode 4 (see
>> >
>> https://cs.chromium.org/chromium/src/content/public/common/webrtc_ip_handling_policy.cc?q=rtcIPHandling&sq=package:chromium&dr=CSs&l=15
>> ).
>> >
>> > Cheers
>> > Lennart
>> >
>> > _______________________________________________
>> > rtcweb mailing list
>> > rtcweb@ietf.org
>> > https://www.ietf.org/mailman/listinfo/rtcweb
>>
>> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>

v2.23.0 | Report a Bug | By Email