Re: [rtcweb] Please require user consent for data channels

Simon Perreault <sperreault@jive.com> Mon, 20 July 2015 12:32 UTC

Message-ID: <55ACEA74.8050300@jive.com>
Date: Mon, 20 Jul 2015 14:32:52 +0200
From: Simon Perreault <sperreault@jive.com>
To: Tim Panton <tim@phonefromhere.com>, Martin Thomson <martin.thomson@gmail.com>
In-Reply-To: <7F818FAC-5559-4074-B1FC-EB9516A98FB7@phonefromhere.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/jcp5aFvVzUcRCuMj6-i5pzohxhc>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Please require user consent for data channels

On 2015-07-20 14:26, Tim Panton wrote:
> Gulp. Whilst I mostly see the logic - it is wholly unexpected behaviour
> to the average sys admin. 
> Certainly not what I expected.

I don't know how you can expect ICE to work otherwise.

> It strikes me that binding to all interfaces might well give a vector
> for attackers to map out a company’s internal networks.

You are sending your IP address(es) as payload so that your peer may
connect to them. We've been doing this in various protocols for ages.
Just take FTP for example, where data and signalling are separate. How
is any of this different?

> It also may restrict the user’s ability to manipulate which medium is used.
> E.g. I’m at home and my chromebook pixel (or firefox tablet) is on wifi,
> but I’ve left LTE enabled.
> I (or the OS) am configured to prefer wifi when available - but it
> happens that for a specific peer LTE completes first.
> So now my video call goes over LTE without my say-so and with no hint
> this is happening - costing me real money. My only option is to
> completely disable LTE when I get home (and lose SMS too)?

That is a valid concern, and the answer to it is MIF.

Simon
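As an added illustration (not code from this thread or from any WebRTC stack), the script below parses the `a=candidate` lines of a constructed SDP offer and lists which interfaces ICE bound to and which internal addresses the signalling payload hands to the remote peer, which is the exposure Tim raises and Simon's FTP comparison is about. It assumes RFC 5245 candidate syntax; the sample offer and the table of internal ranges are my own.

```python
import ipaddress
import re

# Constructed sample SDP offer (not from the thread): three host candidates, one srflx, one relay.
SAMPLE_SDP = """\
a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host
a=candidate:2 1 udp 2122194687 10.0.5.8 54322 typ host
a=candidate:3 1 udp 2122129151 fd12:3456:789a::1 54323 typ host
a=candidate:4 1 udp 1686052607 203.0.113.9 61000 typ srflx raddr 192.168.1.23 rport 54321
a=candidate:5 1 udp 41885439 198.51.100.4 3478 typ relay raddr 203.0.113.9 rport 61000
"""

# Ranges meaningful only inside the local network; a peer that sees them learns local topology.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16", "fe80::/10",                    # link-local
    "fc00::/7", "127.0.0.0/8", "::1/128",             # IPv6 ULA, loopback
)]

CANDIDATE_RE = re.compile(
    r"^a=candidate:\S+ \d+ (?P<transport>\S+) (?P<priority>\d+) (?P<address>\S+) "
    r"(?P<port>\d+) typ (?P<typ>\S+)(?: raddr (?P<raddr>\S+) rport (?P<rport>\d+))?"
)

def parse_candidates(sdp):
    """One dict per a=candidate line (RFC 5245 syntax); other SDP lines are skipped."""
    matches = (CANDIDATE_RE.match(line.strip()) for line in sdp.splitlines())
    return [m.groupdict() for m in matches if m]

def is_internal(addr):
    """True for a literal IP inside INTERNAL_NETS; mDNS names (x.local) are not."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)

def host_interfaces(sdp):
    """Distinct host-candidate addresses: one per local interface ICE bound to."""
    return sorted({c["address"] for c in parse_candidates(sdp) if c["typ"] == "host"})

def exposed_internal_addresses(sdp):
    """Sorted internal addresses the offer discloses, either directly as a host
    candidate or as the raddr behind a reflexive or relayed candidate."""
    found = set()
    for c in parse_candidates(sdp):
        for field in ("address", "raddr"):
            if c[field] and is_internal(c[field]):
                found.add(c[field])
    return sorted(found)
```

Running `exposed_internal_addresses(SAMPLE_SDP)` on the sample shows that even the server-reflexive candidate carries the private address behind it in `raddr`.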