Re: [rtcweb] WGLC Review of draft-ietf-ice-rfc5245bis-12 - Security Considerations Pull Request
Christer Holmberg <christer.holmberg@ericsson.com> Wed, 18 October 2017 12:37 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A82AF13319E; Wed, 18 Oct 2017 05:37:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M3mAnjz8oeIe; Wed, 18 Oct 2017 05:37:31 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2C311320C9; Wed, 18 Oct 2017 05:37:30 -0700 (PDT)
X-AuditID: c1b4fb3a-1c7889c000006897-13-59e74b0847a8
Received: from ESESSHC008.ericsson.se (Unknown_Domain [153.88.183.42]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 64.F9.26775.80B47E95; Wed, 18 Oct 2017 14:37:29 +0200 (CEST)
Received: from ESESSMB109.ericsson.se ([169.254.9.191]) by ESESSHC008.ericsson.se ([153.88.183.42]) with mapi id 14.03.0352.000; Wed, 18 Oct 2017 14:37:17 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Harald Alvestrand <harald@alvestrand.no>, "ice@ietf.org" <ice@ietf.org>
CC: "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: [rtcweb] WGLC Review of draft-ietf-ice-rfc5245bis-12 - Security Considerations Pull Request
Thread-Index: AQHTSA3U4CXrlZbiCEazjRESjRn5kg==
Date: Wed, 18 Oct 2017 12:37:16 +0000
Message-ID: <D60D26FD.24381%christer.holmberg@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.7.7.170905
x-originating-ip: [153.88.183.18]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <295DE90FC5203A4EA3C551256BC317D9@ericsson.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupmkeLIzCtJLcpLzFFi42KZGbFdS5fT+3mkwS47i2N9XWwW3y7UWqz9 187uwOxxZcIVVo8lS34yBTBFcdmkpOZklqUW6dslcGUcWzCPpeA1R8Xlf1dYGxinsncxcnJI CJhIzHj+Hcjm4hASOMIo8WB/FyuEs4RR4lDjTiCHg4NNwEKi+582SIOIgLfEx8+tTCA2s4C6 xJ3F58AGCQtkSaz5uI4doiZb4kD3RiYIW0/ixtepzCA2i4CqxNXj91hBbF4Ba4mvncvB6hkF xCS+n1oDNVNc4taT+UwQxwlILNlznhnCFpV4+fgfWK8o0MwNJ25DPaAo8fHVPkaIXqBdU6ew QdjWEj//v4OytSWWLXzNDLFXUOLkzCcsExhFZyFZNwtJ+ywk7bOQtM9C0r6AkXUVo2hxanFx brqRkV5qUWZycXF+nl5easkmRmAUHdzy22oH48HnjocYBTgYlXh4GdWeRwqxJpYVV+YeYpTg YFYS4Y11AQrxpiRWVqUW5ccXleakFh9ilOZgURLnddh3IUJIID2xJDU7NbUgtQgmy8TBKdXA WHDm1DSVUwWqAUplxyTfzw29tb+UPXCp4KU9O/80ZzyO75o9e6Pf67XbyhbK/drE0FHQmnO4 ePtcmZ/VHVzv0k85qdTpV7rt3vq/aeLLtde6TT5E2Ap6XLgQuLbKP07gmvKC7s0dN/7cjuBo +H7Og6P6g43lte9/A2SWP/zorS7xOzlbxjEuVYmlOCPRUIu5qDgRAD3EzX6eAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/mPeB09LSH1qpB3LYl6YHFGtkmAU>
Subject: Re: [rtcweb] WGLC Review of draft-ietf-ice-rfc5245bis-12 - Security Considerations Pull Request
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Oct 2017 12:37:33 -0000
Hi, ... >> >>> * Security considerations should mention the problem that ICE reveals >>> addresses that might otherwise remain hidden, and that this is a >>>privacy >>> concern. >> >> I would be glad if someone could provide text for that, to make sure we >> get it right. > >The paragraph I suggested in the PDF was: > >³The process of probing for candidates reveals the source addresses of >the client and its peer to any on-network listening attacker, and the >process of exchanging candidates reveals the addresses to any attacker >that is able to see the negotiation. Some addresses, such as the server >reflexive addresses gathered through the local interface of VPN users, >may be sensitive information. If these potential attacks can¹t be >mitigated, the implementation may want to institute controls for which >addresses are revealed to the negotiation and/or probing process. Such >controls need to be specified as part of the ICE usage.² > >Of course, that's only my suggestion. Pull request created: https://github.com/ice-wg/rfc5245bis/pull/49 Regards, Christer
- Re: [rtcweb] WGLC Review of draft-ietf-ice-rfc524… Christer Holmberg
- Re: [rtcweb] WGLC Review of draft-ietf-ice-rfc524… Christer Holmberg