IETF Logo Mail Archive

Re: [rtcweb] [tram] TURN permissions for private ips

Emil Ivov <emcho@jitsi.org> Fri, 07 August 2015 02:25 UTC

Return-Path: <emcho@sip-communicator.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 453FA1B4065 for <rtcweb@ietfa.amsl.com>; Thu, 6 Aug 2015 19:25:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lSC4VP5luZF1 for <rtcweb@ietfa.amsl.com>; Thu, 6 Aug 2015 19:25:20 -0700 (PDT)
Received: from mail-ob0-f180.google.com (mail-ob0-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D961F1B4066 for <rtcweb@ietf.org>; Thu, 6 Aug 2015 19:25:18 -0700 (PDT)
Received: by obdeg2 with SMTP id eg2so69962425obd.0 for <rtcweb@ietf.org>; Thu, 06 Aug 2015 19:25:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=bYdfo3I6vDImBvXmPvh2vGuDIbWwHwXpG6o3Aa7z7tU=; b=RxeluiQ4iFQea7DBOcHXG738QTbAxcxWuElkb7DDX++JjSoUCNTkhuqIxZBDhzH5SB SYThZvDyDXmIBxKTGTaHWsYeNbbDHRAS8HnrXnBHI4DWk+rvCvqDH57MVR6TdFbcYzpA 3k4JAG9srzQ21IXfSBgJMG9Xflpml6FiaeX0xwhamFuRWkqlxl4eJwayJa7cdzGNW0iB kCytJcO7fxwI73vdRS5BaQg2XpkcgMf7ktdxIJzh1F/39TPIuU3GY90ypO0Hkb8SSQOB UIy1SA+ZtXhG/yGUTh2/VwI72uwc5nN/nMNOp79FxYkd3fCKGH7fqLbeCtdBpQMG+EO7 PpDg==
X-Gm-Message-State: ALoCoQnTHkCE9C1N3dodM42KRoxDdsq9SJ/2nFBgfM2kgFwSblO0HjXOUIXEbx4RBhgE2egibkPx
X-Received: by 10.60.132.108 with SMTP id ot12mr4658924oeb.44.1438914317486; Thu, 06 Aug 2015 19:25:17 -0700 (PDT)
Received: from mail-oi0-f49.google.com (mail-oi0-f49.google.com. [209.85.218.49]) by smtp.gmail.com with ESMTPSA id os15sm5159989oeb.8.2015.08.06.19.25.16 for <rtcweb@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 06 Aug 2015 19:25:17 -0700 (PDT)
Received: by oihn130 with SMTP id n130so49762996oih.2 for <rtcweb@ietf.org>; Thu, 06 Aug 2015 19:25:16 -0700 (PDT)
X-Received: by 10.202.77.144 with SMTP id a138mr4313768oib.32.1438914316644; Thu, 06 Aug 2015 19:25:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.83.167 with HTTP; Thu, 6 Aug 2015 19:24:57 -0700 (PDT)
In-Reply-To: <CAOJ7v-02F-4bM18p8JKap5PzjrsQROiXPd4xxXkCUJq9WQzW4w@mail.gmail.com>
References: <20150805130607.20844.70680.idtracker@ietfa.amsl.com> <CABcZeBMWVU9a1_e_47qddA04WhXG55QYzFA=dTrYgi+DuLQhKA@mail.gmail.com> <55C24293.5000603@cs.tcd.ie> <55C24C09.8020404@goodadvice.pages.de> <55C256C8.80606@jive.com> <CAOJ7v-3hyFhHiFq4eujLznXtehkUSxZati8YZ23o-RPLH=J5zg@mail.gmail.com> <F144FF61-AAC6-4E0A-B08E-0E3F9B487F1B@vidyo.com> <CAOJ7v-0Z4fmWjVaeiAJh=rpYPjUsk_k8_=g8CrecAZQWtRG1AQ@mail.gmail.com> <CABkgnnXubczrXpR+YHeF1+zNrNoPNMH_XdB1+pCAGZ9LQn0UXw@mail.gmail.com> <CAOJ7v-2PaLr8XLdVxfPY=YYzeQuoj49qypUTUr=wdbmSiMZO7A@mail.gmail.com> <CAPvvaaK9xxxfmVOjE_UtX_Z6RzLe3RjR-Q=55F_Mp-9X1Li0Sg@mail.gmail.com> <CAOJ7v-02F-4bM18p8JKap5PzjrsQROiXPd4xxXkCUJq9WQzW4w@mail.gmail.com>
From: Emil Ivov <emcho@jitsi.org>
Date: Thu, 06 Aug 2015 19:24:57 -0700
Message-ID: <CAPvvaaJBcONiXY=Wp60nxTD=ZFiOJ162ocuqDAj9=fQ8YKdqOA@mail.gmail.com>
To: Justin Uberti <juberti@google.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/eldnBHVuD9xBiw4TKgKXN1qK_jU>
Cc: Jonathan Lennox <jonathan@vidyo.com>, mmusic <mmusic@ietf.org>, "tram@ietf.org" <tram@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] [tram] TURN permissions for private ips
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Aug 2015 02:25:21 -0000

On Thu, Aug 6, 2015 at 5:46 PM, Justin Uberti <juberti@google.com> wrote:
>
>
> On Thu, Aug 6, 2015 at 5:11 PM, Emil Ivov <emcho@jitsi.org> wrote:
>>
>> On Thu, Aug 6, 2015 at 5:01 PM, Justin Uberti <juberti@google.com> wrote:
>> >
>> >
>> > On Thu, Aug 6, 2015 at 1:51 PM, Martin Thomson
>> > <martin.thomson@gmail.com>
>> > wrote:
>> >>
>> >> On 6 August 2015 at 13:08, Justin Uberti <juberti@google.com> wrote:
>> >> > I think that we should be able to avoid pairing candidates obtained
>> >> > from
>> >> > application TURN servers with RFC 1918 addresses. The app/browser
>> >> > clearly
>> >> > knows which is which.
>> >>
>> >> I'm concerned here that if we let the application choose, we lose the
>> >> defence we were looking to gain.  I think that perhaps 1918 pairing
>> >> could be restricted to TURN servers that are configured/discovered,
>> >> "proxy"-style.
>> >
>> >
>> > Sorry, that is what I was trying to say. The browser knows which turn
>> > servers are "proxies" vs app servers, and can apply the 1918 filtering
>> > on
>> > the pairings from the candidates from the app TURN server.
>>
>> I don't think Jonathan's concerns only apply to proxies though. You
>> can just as well have apps developed for specific networks and there
>> is no reason to prevent those from working.
>>
>> > Agree with your enumeration of concerns as well. Also #5, they consume
>> > bandwidth (at least from client to TURN server), which affects maximum
>> > check
>> > rate in some cases.
>>
>> Why can't we address this by TURN servers simply refusing to create
>> permissions for candidates they know they won't be able to reach?
>
>
> That is one potential solution, which would solve #1/#4/#5.

So, let's say that Alice calls Bob using SuperApp.

Alice sends her 10.0.0.1 address to SuperApp's server, which then
sends it to Bob.

So Bob and SuperApp now know about Alice's 10.0.0.1 but there's no way
around this. Bob, could be in the same network as Alice so it has to
try her private address.

Next, Bob installs 10.0.0.1 on the TURN server provided by SuperApp,
which also now learns about 10.0.0.1. As long as that server is hosted
by the same people as SuperApp (which we can probably consider as the
common case) then we haven't leaked anything.

If the TURN server is hosted by a third party (SuperTURN) then
SuperTURN do get to learn a little bit of extra information, namely
that Alice's public address has a private network in the 10.0.0.0
range behind it and that 10.0.0.1 is being used by someone.

That's all though.

SuperTURN should have no other information regarding Alice and what
little it just learned was not hard to guess any way.

So I am not sure exactly what we are trying to solve here.

Emil


-- 
https://jitsi.org

v2.23.0 | Report a Bug | By Email