Re: [rtcweb] Transports: RFC 4941 support?

Dan Wing <dwing@cisco.com> Fri, 21 March 2014 00:08 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDAF31A077C for <rtcweb@ietfa.amsl.com>; Thu, 20 Mar 2014 17:08:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.048
X-Spam-Level:
X-Spam-Status: No, score=-15.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vg8kWv1Ci_zh for <rtcweb@ietfa.amsl.com>; Thu, 20 Mar 2014 17:08:24 -0700 (PDT)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id 12DAD1A080B for <rtcweb@ietf.org>; Thu, 20 Mar 2014 17:08:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2591; q=dns/txt; s=iport; t=1395360491; x=1396570091; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=JTWSRiYgHIzVboju2xBLFQcBFU5jReqN7zdmmeZ/Z/c=; b=kck2NRGEMyrUGnnJ39909orqHj9UxrAHeeRV3ST4f0UHVl4oDhaEinzq Sf7PotgGmlu6mpeisV0uUSAh3lwrLmnxHVszQ2/Nsedfuo00h7HQ6zSr9 rM63dSFw/icUIP5JFQIow+xJYwpAZgMeteG8b4Gq/NVVZ/emkAi0w/MA9 c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhgFALCBK1OrRDoG/2dsb2JhbABZgwbDZIETFnSCJQEBAQMBeQULCxguITYGE4dlAwkHyGENhxkXjE2BZTMHgySBFASJUo0IgW2MaIVIg00dgSwk
X-IronPort-AV: E=Sophos;i="4.97,699,1389744000"; d="scan'208";a="108577786"
Received: from mtv-core-1.cisco.com ([171.68.58.6]) by mtv-iport-4.cisco.com with ESMTP; 21 Mar 2014 00:08:10 +0000
Received: from sjc-vpn3-1362.cisco.com (sjc-vpn3-1362.cisco.com [10.21.69.82]) by mtv-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s2L089IX016340; Fri, 21 Mar 2014 00:08:09 GMT
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Dan Wing <dwing@cisco.com>
In-Reply-To: <CA+9kkMD5jG-w7ahHLsUX9QMSkSMArS4Wz7ZYOucAZWkrmz5YsQ@mail.gmail.com>
Date: Thu, 20 Mar 2014 17:08:08 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <80B4969D-A548-407F-98E6-C749222DA4D9@cisco.com>
References: <CAOJ7v-0Hw0NFs_avsB2Z8do21BCws2LRZSeSh6HP0t455SPXyw@mail.gmail.com> <B6836FFA-867A-4CBF-9855-D265425EC5E1@cisco.com> <CAOqqYVE=i2L7FxGgKuV0DVaaxYOPnxzSEbDoq0_4Tqapna575g@mail.gmail.com> <CD747481-EBDA-4FFC-A31D-618E6E217420@cisco.com> <5329B617.2070001@alvestrand.no> <17885A74-50A3-49E3-8C54-E53C55019C73@cisco.com> <CAOJ7v-0Dx4Owam7NzXqs6ALPi+ps9gKbmFK9=Zu5eBr9yHYgKg@mail.gmail.com> <444DE75E-BF07-4C6F-91B1-CF57DC67FBA3@cisco.com> <CA+9kkMD5jG-w7ahHLsUX9QMSkSMArS4Wz7ZYOucAZWkrmz5YsQ@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/kUX5l37md5ggMyS7BwUYaaDD4i4
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Transports: RFC 4941 support?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 00:08:32 -0000

On Mar 20, 2014, at 1:56 PM, Ted Hardie <ted.ietf@gmail.com> wrote:

> On Thu, Mar 20, 2014 at 10:07 AM, Dan Wing <dwing@cisco.com> wrote:
> 
> On Mar 20, 2014, at 9:34 AM, Justin Uberti <juberti@google.com> wrote:
> 
>> 
>> 
>> 
>> 
>> So perhaps:
>>    "An RTCWEB implementation SHOULD prefer to use temporary addresses [RFC4941] where host and network policy permit [RFC6724]."
>> ?
>> 
>> I think it needs to be stronger than that - something like 
>> "where host and network policy permit, RTCWEB implementations SHOULD gather IPv6 temporary addresses and SHOULD NOT gather non-temporary addresses".
>> 
>> Preferring to use temporary addresses is probably not sufficient to prevent linkage, since you will have connectivity checks from the non-temporary addresses. (i.e. an eavesdropper listening over an extended period of time could determine calls are from the same endpoint)
> 
> Agreed.  I like your suggested wording.
> 
> -d
> 
> 
> 
> So, I note that in this case where a non-temporary IPv6 address is present and  no temporary IPv6 address is present, this appears to push IPv6 out of the gathered list completely.  If I have that right, then my view as an individual is that this is the wrong result.  It will either force the use of IPv4 addresses which are just as linkable as IPv6 non-temporary addresses or rely on NATs to get the non-linkability (and provide us all the other subtle joys of NAT). 
> 
> As a friendly amendment, may I suggest "Where both non-temporary and temporary addresses are present and host and network policy permit, RTCWEB implementations SHOULD gather IPv6 temporary addresses and SHOULD NOT gather non-temporary addresses"?
> 
> I also confess to a suspicion that Harald's view is the most sensible--having a separate policy for this application either won't happen or doesn't make much sense. 

Ok, so preface your suggested sentence with,

  “WebRTC applications are encouraged to follow IPv6 Socket API for Source Address Selection [RFC5014] with regards to IPv6 temporary addresses, specifically <insert your sentence>.”

It’s not that WebRTC is trying to do something unique here — we just want this done, and not just hope an implementor stumbles into the right IETF document explaining temporary IPv6 addresses.

-d



> But if we have one, I'd prefer one that doesn't shove IPv6 out the door completely if the host doesn't use temporary addresses.
> 
> regards,
> 
> Ted