Re: [rtcweb] tweaks for ip-handling language
Eric Rescorla <ekr@rtfm.com> Wed, 16 November 2016 23:58 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D589E129400 for <rtcweb@ietfa.amsl.com>; Wed, 16 Nov 2016 15:58:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uNVpNq834VjU for <rtcweb@ietfa.amsl.com>; Wed, 16 Nov 2016 15:58:06 -0800 (PST)
Received: from mail-yb0-x22e.google.com (mail-yb0-x22e.google.com [IPv6:2607:f8b0:4002:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FB1C1296D8 for <rtcweb@ietf.org>; Wed, 16 Nov 2016 15:57:42 -0800 (PST)
Received: by mail-yb0-x22e.google.com with SMTP id d128so47394499ybh.2 for <rtcweb@ietf.org>; Wed, 16 Nov 2016 15:57:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=L4xWu+H7wM57hJSCRcMUbesxFxuOXDDscF8fEh5faYk=; b=gDpvRLppNUFHSoW4MD7AXBN5BFq3FmBXUgRxmTG44vmLCqIoLpdo2afC7PMvaelmo5 HY1pstuMaIufpsB5ORvRKyKrgkvL7oH7b28EFEocCKTJjvIaWukl3Qxiy+p2B29kNc+d zFw5WuIddkwdWh9zxZXIjVIn5GUyqbN2gWyQGKB5rPAJoiUP9zklzIGbftfFz15G2vl7 B6FX8VCzcJl/YFddS/regDCx8R4xHs6lPmw6kYt7Pq1SOmo8GEn8BUiMT5tI6Wp1u8Rn z7CggRyofwJmNqMETL441NKIw7YxXNZORbTf4ybe+ovoIaFk4a/bVdWKikIK4Qt87bPz IQ7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=L4xWu+H7wM57hJSCRcMUbesxFxuOXDDscF8fEh5faYk=; b=nAsdsg+8E6+iQltAiPhQudghBKCK6bZtSuMErMZUR6spJ6956nDXVKW2644+aVmcRW SHkibmhht9c6rInC0CYwZiNl89uFxRKMoOIeShkxfMQMzfYiaRwcjRZZyE3B7cDzhovw c6e48ks5tujdXpQLyhSFn5tS1lNx3s96aZzgPIinfNSMjwbNbmli40ZpT9ZlGNbsxE+g SPp0+8RsUQApQXsIqjoNWydBjGIbpA06IK7aKWSbCkA54j82OKYBYA5aoMWsxfpOcdv+ mzznZb2+d86kzSLCG1qotuXIpjkFxocsMNKLxWdq515zziElqN+cq1bd2lT25o1a2fog DZQQ==
X-Gm-Message-State: AKaTC00d7GYyRxoWxlS+EZUgM+HRp8iK4eIo56xthErnXI3aEmEVrd0G5TELeLoziOgUSycbO3bw7MTgEFV7Xg==
X-Received: by 10.37.171.169 with SMTP id v38mr126215ybi.80.1479340661648; Wed, 16 Nov 2016 15:57:41 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.159.141 with HTTP; Wed, 16 Nov 2016 15:57:01 -0800 (PST)
In-Reply-To: <CABkgnnUq8diBzbJF+eLtQN1s1bhhHGM3vaAMdJY=QXtQrOT9qg@mail.gmail.com>
References: <C770F9D2-549D-4B33-94CD-6954B433F1B7@cooperw.in> <CABkgnnUq8diBzbJF+eLtQN1s1bhhHGM3vaAMdJY=QXtQrOT9qg@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 17 Nov 2016 08:57:01 +0900
Message-ID: <CABcZeBOpsmK73xmVVSVu1d7z6Mypkitpm4nVK2LgBnp5TXy11w@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="94eb2c050f4aa3f949054173d618"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/dh-hXb4ggdhAx1gvJvpWd1E6Cc0>
Cc: RTCWeb IETF <rtcweb@ietf.org>
Subject: Re: [rtcweb] tweaks for ip-handling language
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2016 23:58:08 -0000
I generally agree with Martin's comments, with the following exception. I would remove everything after "off getUserMedia consent." It has no normative effect and is simply rationale. -Ekr On Thu, Nov 17, 2016 at 8:26 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > This looks like a good change on its own. However, reading the > document, I find that the "all possible candidates" issue is hard to > fix. This text is part of the rationale for the different modes. > Placing a requirement here - before we've established the baseline - > is probably the wrong thing to do. > > I think that restructuring the corresponding section might be the best > plan. The text in question isn't rationale; it doesn't really belong > where it is. > > Thus, I would recommend this structure: > 1. define the 4 modes > 2. recommend that mode 2 is the default. > 3. include this text - tweaked slightly - to explain how user consent > is necessary to use mode 1 > 4. explain that modes 3 and 4 might be made the default in certain contexts > 5. include the other rationale to justify the design > > > On 16 November 2016 at 16:25, Alissa Cooper <alissa@cooperw.in> wrote: > > This still needs the fix for “all possible candidates.” > > > > OLD > > Gathering all possible candidates SHOULD only be performed when some > form of user consent has been provided; this thwarts the typical drive-by > enumeration attacks. The details of this consent are left to the > implementation; one potential mechanism is to key this off getUserMedia > consent. The getUserMedia suggestion takes into account that the user has > provided some consent to the application already; that when doing so the > user typically wants to engage in a conversational session, which benefits > most from an optimal network path, and lastly, the fact that the underlying > issue is complex and difficult to explain, making explicit consent for > enumeration troublesome. > > > > NEW > > Gathering all possible candidates MUST only be performed when some form > of user consent has been provided; this thwarts the typical drive-by > enumeration attacks. The details of this consent are left to the > implementation. One potential mechanism is to tie this consent to > getUserMedia consent. Such a mechanism might be chosen based on the fact > that the user has provided some consent to the application already; that > when doing so the user typically wants to engage in a conversational > session, which benefits most from an optimal network path, and lastly, the > fact that the underlying issue is complex and difficult to explain, making > explicit consent for enumeration troublesome. > > _______________________________________________ > > rtcweb mailing list > > rtcweb@ietf.org > > https://www.ietf.org/mailman/listinfo/rtcweb > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb >
- [rtcweb] tweaks for ip-handling language Alissa Cooper
- Re: [rtcweb] tweaks for ip-handling language Martin Thomson
- Re: [rtcweb] tweaks for ip-handling language Eric Rescorla
- Re: [rtcweb] tweaks for ip-handling language Harald Alvestrand
- Re: [rtcweb] tweaks for ip-handling language Martin Thomson