IETF Logo Mail Archive

Re: [rtcweb] Security implications of host candidates

Justin Uberti <juberti@google.com> Mon, 09 July 2018 22:19 UTC

Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88336130DC3 for <rtcweb@ietfa.amsl.com>; Mon, 9 Jul 2018 15:19:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.51
X-Spam-Level:
X-Spam-Status: No, score=-17.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zAqPCdHvEpG1 for <rtcweb@ietfa.amsl.com>; Mon, 9 Jul 2018 15:19:30 -0700 (PDT)
Received: from mail-io0-x236.google.com (mail-io0-x236.google.com [IPv6:2607:f8b0:4001:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 852F4130E07 for <rtcweb@ietf.org>; Mon, 9 Jul 2018 15:19:30 -0700 (PDT)
Received: by mail-io0-x236.google.com with SMTP id e13-v6so18504118iof.6 for <rtcweb@ietf.org>; Mon, 09 Jul 2018 15:19:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yYuNIAxofNR0hqYJq2wjAdCE/LTbRDfaaD2XblNJzPQ=; b=kkITGJYrNUGZ6XeTFuOUu+74IWzHEhDybm3dIaMtmwRG4GH7BaHVzx7f/hIchuFuwW zvIMzEvK4OAKE0M2R17JH69YGspocGUmL0etOafItqeVw9l6N5SvGRCUXCDdt9Pb2Cbj ilovafnzpa9MAPzs7YN+K1/57355hRSo7Ay2KPdB5I/MZv3JWlFHzsQjk+5PNLmK/813 QGpmopyEAOY0dhd1opBzrvv0Nn87t5N3WMWPK0mZLbhs/Ru6zJvT+CjWm6WIUfMfM9Dn uiZ2d6oP/NgaOFtvp5bJeLz39GCIXilyS7EcQz+0CXfAJCfmNb1qs/nVuicSfqA+y1qk spsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yYuNIAxofNR0hqYJq2wjAdCE/LTbRDfaaD2XblNJzPQ=; b=iUDG23JpQcM74FT8Azkm1690SdUW0QQD14ZDtlfMHC0g9DkLAIfklp940NDhiY25e7 A2tV7PRH+IZVVr0hb/ySm9vrM59x2PLJI8zHkZkpTXS1FAjy2JIDDtmV4+Qh+KRFB1r1 OHWlE2aVh0iDgLWGdVDY2h3iZihe2pVj4yQ+wunSH6JefGXgdHj0iO0H6IOBnl+5BICj ooyLtf6K/a5eX2y0DqkoUVEYacINVMGZEUfQ9AnKV9Go9SYv4yAB/RMGEFhyCcz4EchM oxIyPd2d3iENpiYetFHGI8FZ5sVakRj+SmY/HSioRS0ZYIkEghBto8quDkapnr7hT3SF GeVw==
X-Gm-Message-State: AOUpUlFtkX0cViaDJGPZYUOQfVfPPic9s7SJ8ilivYmAjwF0eGPsDgtV sjv8NW74vPpAgngsnitqb5jzVwxDS0AbFWRtgcnl7hZ1
X-Google-Smtp-Source: AAOMgpdLLt5HxRFPZwlxO8rW7p9RgRxdLI95sqzU+yAHbgoqJHdXs5MwX1sImvfWFs5hPVXrP68Y3Xt3nBbpq2/Rwfs=
X-Received: by 2002:a6b:b387:: with SMTP id c129-v6mr19531231iof.32.1531174769380; Mon, 09 Jul 2018 15:19:29 -0700 (PDT)
MIME-Version: 1.0
References: <CAOJ7v-1t_BDEEHmA4eqiS9ksYOOyHUz9LFLhQxs8FhjTdswP5w@mail.gmail.com> <CANN+akZLRdZdexjU44zPCA6vdQR0hVYT17_4P8DefC0JbRL5mA@mail.gmail.com> <CAOJ7v-2JdiMJ9iWE_cL8G7xDM6iekexJL8KLEbz0jD=p7hiGZg@mail.gmail.com> <CANN+akbv2mpyhgV5vxDHKcsA8UPsSEr0bEjJK4xYxtvbkXNA7w@mail.gmail.com> <CAOJ7v-3gHMCxHU02YG3NoqvWHtXgOSWSm+y88GNDW0qc=Sqq=A@mail.gmail.com> <CAOJ7v-3moUqwgxkz1Fek4vy-XV+WpDaO-PsQZEw4ougoCHjLww@mail.gmail.com> <CANN+akZ=Ebw41mA2wEX7-4u6q5WcZbFtM=VMLX4nDK39S=QGOQ@mail.gmail.com> <CAOJ7v-3X2Sj8Yid+i0=xadyH_Hmf4pMOF_iuOV+56Ty8HNnJuw@mail.gmail.com> <0ED74BE5-AC02-44C5-80E1-18532BD3D1FF@westhawk.co.uk> <CAOJ7v-0TGqvp=MUmeEUjYZTcvV37qbYSTV0pFMoi1J0CJQ7Q4A@mail.gmail.com> <CABkgnnXBTC5TERquJPO4dgiAKz037Cm0Omw4YrobtCW=wmGPyQ@mail.gmail.com> <CAOJ7v-0yzvu9POvR4Auokykqc63eju6_CveAzyVpcSd1kkK6Nw@mail.gmail.com> <CABkgnnXL6sdCDt=hjX+7KbP+xYm9jCmgjJNy4CvPPna_0oin=g@mail.gmail.com>
In-Reply-To: <CABkgnnXL6sdCDt=hjX+7KbP+xYm9jCmgjJNy4CvPPna_0oin=g@mail.gmail.com>
From: Justin Uberti <juberti@google.com>
Date: Mon, 09 Jul 2018 15:19:17 -0700
Message-ID: <CAOJ7v-33ODGTsmbHEp_U7UdROvuKR7O7bne2_0tX6ivVf-+C5A@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Tim Panton <thp@westhawk.co.uk>, RTCWeb IETF <rtcweb@ietf.org>, youenn fablet <yfablet@apple.com>
Content-Type: multipart/alternative; boundary="000000000000385dd305709868d9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/ibUNVf-Tdz1boSZpUKjDfp6P8T4>
Subject: Re: [rtcweb] Security implications of host candidates
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2018 22:19:33 -0000

On Mon, Jul 9, 2018 at 2:48 PM Martin Thomson <martin.thomson@gmail.com>
wrote:

> On Tue, Jul 10, 2018 at 7:38 AM Justin Uberti <juberti@google.com> wrote:
> > e) [new] RTT < 5ms (indicates "probably same machine")
>
> My thought was that this only creates a valid "same-network" signal.
> But the number of instances of one host per network is high enough
> that the distinction might be meaningless.  But that's not the point,
> the point was to avoid creating a new signal.
>
> One thing that I found helpful in thinking about this was the
> question: "What would Tor Browser do?"  And in that case, the proposed
> tweak does work: a hairpin over the Tor network expands the anonymity
> set considerably.
>

Well, Tor browser would really need all WebRTC traffic to flow through Tor,
to prevent linking sessions via the srflx IPs.

But let me get to the point. Adding the limitations discussed for .local
has minimal downside, but what, if anything, should we do with IPv6 host
candidates? If we decide that we want to prevent host-host IPv6
connections, there will be implications for datachannel applications.

v2.23.0 | Report a Bug | By Email