Re: [rtcweb] CNAMEs and multiple peer connections

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 17 March 2014 10:30 UTC

To: Justin Uberti <juberti@google.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/mA0F8gbj0y7kf4uRDtujnkjkIvA
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>

On 2014-03-14 17:44, Justin Uberti wrote:

> 
> At an implementation level, one could imagine at least 3 policies for
> generating CNAMEs:
> a) per-session (i.e. per-PeerConnection)
> b) per-page (i.e. shared between all PCs on a page)
> c) per-page, persistent (i.e. shared between all PCs on a page,
> including across page loads)
> 
> While we seem to agree that a) is the right solution for CNAMEs, it is
> worth pointing out that we (Chrome) are currently doing c) for DTLS
> certificates, to avoid performance problems with cert generation at page
> load. Ergo, this linkability concern already exists, and I don't think
> it is easy to solve it in the default case. There have been some
> proposals to allow generation/storage of unique certs to prevent this
> linkability, but this will require app input.
> 
> Ergo, we might want to match the DTLS behavior (i.e. generate unique
> CNAMEs only when the certs are unique), to ensure we treat linkability
> consistently.

Actually, the DTLS cert and the CNAME are not equivalent when it
comes to visibility scope. The DTLS cert is shown only to the DTLS peer, i.e.
the address at the other end of a peer connection. The CNAME, in the case of
SFM or RTP mixer based (using CSRC lists) types of RTP middleboxes, can
end up being forwarded to all participants in the same
multi-party conference.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
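The three CNAME policies quoted above, and the linkability each hands to an observer that collects RTCP SDES CNAMEs across sessions (such as a middlebox that forwards them to the whole conference), as an added simulation that is not part of this thread or any browser's code. The origin name and the `store` dict standing in for browser-persistent storage are assumptions.

```python
import base64
import secrets
from typing import Dict, List


def generate_cname() -> str:
    """Random CNAME in the style of RFC 7022: 96 random bits, base64 encoded (16 chars)."""
    return base64.b64encode(secrets.token_bytes(12)).decode("ascii")


class Page:
    """One page load of an origin, handing CNAMEs to the PeerConnections it creates.

    policy is one of the three from the thread:
      'session'    -> fresh CNAME per PeerConnection
      'page'       -> one CNAME shared by all PCs of this page load
      'persistent' -> one CNAME per origin, kept across page loads (in `store`)
    """

    def __init__(self, origin: str, policy: str, store: Dict[str, str]):
        self.origin, self.policy, self.store = origin, policy, store
        self._page_cname = None  # created lazily for the 'page' policy

    def new_peer_connection_cname(self) -> str:
        if self.policy == "session":
            return generate_cname()
        if self.policy == "page":
            if self._page_cname is None:
                self._page_cname = generate_cname()
            return self._page_cname
        if self.policy == "persistent":
            return self.store.setdefault(self.origin, generate_cname())
        raise ValueError(f"unknown policy {self.policy!r}")


def observed_cnames(policy: str, page_loads: int, pcs_per_load: int) -> List[str]:
    """CNAMEs a conference-side observer collects from every PC of every page load."""
    store: Dict[str, str] = {}  # assumption: stands in for browser-persistent storage
    seen: List[str] = []
    for _ in range(page_loads):
        page = Page("https://example.test", policy, store)  # assumed origin
        seen.extend(page.new_peer_connection_cname() for _ in range(pcs_per_load))
    return seen


def distinct_identities(cnames: List[str]) -> int:
    """How many separate identities the observer sees; fewer than len(cnames) means sessions link."""
    return len(set(cnames))
```

With two page loads of three PeerConnections each, the observer can separate six, two, or one identity under the session, page and persistent policies respectively.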