[rtcweb] IP handling: Using mDNS names for host candidates

Justin Uberti <juberti@google.com> Tue, 12 June 2018 00:40 UTC

From: Justin Uberti <juberti@google.com>
Date: Mon, 11 Jun 2018 17:40:14 -0700
Message-ID: <CAOJ7v-2FQ3yfyfmFY8MT17nTFUvsNyixKuXXeT-Rq7zVQKBMnA@mail.gmail.com>
To: RTCWeb IETF <rtcweb@ietf.org>, yfablet@apple.com, Sean Turner <sean@sn3rd.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/ivTEncwddxo0pZGuC_lF5CXD7Bo>

The Safari team has come up with a clever approach to avoid disclosing
private IP addresses for host candidates. As discussed in this WebKit bug
<https://bugs.webkit.org/show_bug.cgi?id=174500>, the technique works as
follows:

   1. Register a random UUID-based mDNS name when ICE gathering starts
   2. Replace the private IP address by a "{UUID}.local" string in each
   host candidate (and set raddr to 0.0.0.0 for other candidates)
   3. The other party will do mDNS resolution on any candidate having a
   .local suffix, similar to how hostnames in candidates are handled in RFC
   5245, Section 15.1.

This technique is relevant to the IP handling document, as it addresses one
of the lesser problems (private IP disclosure) from the overall problem
statement. While I don't think this will have a large impact on the
document, including the default mode selection, incorporating this
technique would result in some moderate changes:

   - Section 5.1 would mention concealing private IPs in the default case
   as an explicit goal.
   - In Section 6, Mode 2 would change from handing out private IPs to
   handing out mDNS names.
   - This document would have to describe the technique or point to another
   document that describes the technique. mmusic-ice-sip-sdp, Section 4.1
   <https://tools.ietf.org/html/draft-ietf-mmusic-ice-sip-sdp-20#section-4.1>
   seems like a good option, as it already covers how to handle DNS names in
   ICE candidates.

This is a significant improvement and I think we will want to incorporate
this suggestion. Is this something we could do as part of this WGLC, or
should we look for another option?