IETF Logo Mail Archive

Re: [rtcweb] draft-jesup-rtcweb-data-00 posted

Hadriel Kaplan <HKaplan@acmepacket.com> Tue, 25 October 2011 15:31 UTC

Return-Path: <HKaplan@acmepacket.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77F9D21F8AF4 for <rtcweb@ietfa.amsl.com>; Tue, 25 Oct 2011 08:31:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.443
X-Spam-Level:
X-Spam-Status: No, score=-2.443 tagged_above=-999 required=5 tests=[AWL=0.156, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jqWkQCBMX1Ci for <rtcweb@ietfa.amsl.com>; Tue, 25 Oct 2011 08:31:32 -0700 (PDT)
Received: from etmail.acmepacket.com (etmail.acmepacket.com [216.41.24.6]) by ietfa.amsl.com (Postfix) with ESMTP id BDEC521F8B19 for <rtcweb@ietf.org>; Tue, 25 Oct 2011 08:31:32 -0700 (PDT)
Received: from MAIL2.acmepacket.com (10.0.0.22) by etmail.acmepacket.com (216.41.24.6) with Microsoft SMTP Server (TLS) id 8.2.254.0; Tue, 25 Oct 2011 11:31:30 -0400
Received: from MAIL1.acmepacket.com ([169.254.1.230]) by Mail2.acmepacket.com ([169.254.2.157]) with mapi id 14.01.0270.001; Tue, 25 Oct 2011 11:31:30 -0400
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Eric Rescorla <ekr@rtfm.com>
Thread-Topic: [rtcweb] draft-jesup-rtcweb-data-00 posted
Thread-Index: AQHMkysr+E1fB7NJXkSnRl1LfSuhnQ==
Date: Tue, 25 Oct 2011 15:31:30 +0000
Message-ID: <EB4481BA-E39E-4A9C-85E6-79B48F82298C@acmepacket.com>
References: <4EA5EA46.1010803@jesup.org> <D3C41C1C-3586-4A22-8040-C7F0E22B41A7@acmepacket.com> <CABcZeBPuDZKCQgZ4RV-_zMrp2wa1EjM-w74VA=TuDzY3UY0HtQ@mail.gmail.com>
In-Reply-To: <CABcZeBPuDZKCQgZ4RV-_zMrp2wa1EjM-w74VA=TuDzY3UY0HtQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.0.0.30]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <862783F40BEBAF4EAF6B41D5E9B5251F@acmepacket.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAQAAAWE=
Cc: Randell Jesup <randell-ietf@jesup.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] draft-jesup-rtcweb-data-00 posted
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Oct 2011 15:31:33 -0000

On Oct 25, 2011, at 10:20 AM, Eric Rescorla wrote:

> On Tue, Oct 25, 2011 at 1:02 AM, Hadriel Kaplan <HKaplan@acmepacket.com> wrote:
>> 
>> Req. 8: The data stream transport protocol MUST NOT encode IP addresses inside its protocol fields; doing so reveals potentially private information, and leads to failure if the address is depended upon.
> 
> I don't really understand what this means. In general, the peer has
> access to your IP address
> information from ICE.

>From a privacy perspective: if a person uses a Web-site designed with privacy/anonymity in mind (e.g., battered-spouse forum), then the site would relay your media-plane stuff through a type of TURN server that does ICE itself both ways.  But if the SCTP layer on top of UDP encodes your local IP using one of the optional SCTP fields in RFC 4960 or 5061, then you lose that anonymity.  Since the SCTP layer is built into the Browser and not under control of the Javascript, a site can't prevent it from revealing that info.

>From a failure perspective: if the SCTP layer on top of UDP encodes local or remote IP addresses using an SCTP field, presumably it does so for some purpose.  Since history has shown that relying on embedded IP Addresses for anything is prone to failure due to the proliferation of NATs, double-NATs, v4-v6 NATs, etc., then we shouldn't want SCTP to rely on such being useful.  The best way to make sure it can't rely on them, is not to use any to begin with. :)


>> Req. 10: The data stream packet format/encoding MUST be such that it is impossible for a malicious Javascript to generate an application message crafted such that it could be interpreted as a native protocol over UDP - such as UPnP, RTP, SNMP, STUN, etc.
> 
> I'm not sure this is really an issue the way you raise it. It's clear
> that you shouldn't be able to
> generate messages that appear to be STUN or RTP but that's necessary
> for demux to work
> right.

Yes I didn't mean to imply it would be hard to satisfy the requirement, or not necessary for other reasons.  I suggested it because some people wanted to do raw UDP a while ago and this requirement's there to show we can't do raw UDP.


> However, given that the other side has consented, I don't see
> that confusion with
> other protocols being an issue. The kind of intercepting proxies that
> we found for
> HTTP don't seem to be a feature of the UDP environment.


I don't know that intercepting middleboxes don't exist for any/all random UDP-based protocol.  I wouldn't be surprised to find there are for DNS, for example.  But you're talking about for ever, not just now.  I don't have a crystal ball.  Regardless, I would expect this requirement to be achieved easily, no?

-hadriel

v2.23.0 | Report a Bug | By Email