Re: [rtcweb] New proposal for IP address handling in WebRTC
Randell Jesup <randell-ietf@jesup.org> Thu, 23 April 2015 06:12 UTC
Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 702F71A8899 for <rtcweb@ietfa.amsl.com>; Wed, 22 Apr 2015 23:12:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.002
X-Spam-Level:
X-Spam-Status: No, score=-0.002 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qw4YAoFvXU2h for <rtcweb@ietfa.amsl.com>; Wed, 22 Apr 2015 23:12:05 -0700 (PDT)
Received: from relay.mailchannels.net (si-002-i39.relay.mailchannels.net [184.154.112.204]) by ietfa.amsl.com (Postfix) with ESMTP id 9079C1A8897 for <rtcweb@ietf.org>; Wed, 22 Apr 2015 23:11:58 -0700 (PDT)
X-Sender-Id: wwwh|x-authuser|randell@jesup.org
Received: from r2-chicago.webserversystems.com (ip-10-33-12-218.us-west-2.compute.internal [10.33.12.218]) by relay.mailchannels.net (Postfix) with ESMTPA id 4F249120200 for <rtcweb@ietf.org>; Thu, 23 Apr 2015 06:11:56 +0000 (UTC)
X-Sender-Id: wwwh|x-authuser|randell@jesup.org
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [10.21.145.197]) (using TLSv1 with cipher DHE-RSA-AES256-SHA) by 0.0.0.0:2500 (trex/5.4.8); Thu, 23 Apr 2015 06:11:56 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: wwwh|x-authuser|randell@jesup.org
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1429769516539:4131223808
X-MC-Ingress-Time: 1429769516539
Received: from pool-173-49-141-196.phlapa.fios.verizon.net ([173.49.141.196]:52446 helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from <randell-ietf@jesup.org>) id 1YlAMd-0000tQ-EA for rtcweb@ietf.org; Thu, 23 Apr 2015 01:11:55 -0500
Message-ID: <55388CE2.4070909@jesup.org>
Date: Thu, 23 Apr 2015 02:10:42 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <CAOJ7v-1BQ3cVBQy=DA0eKPkcQ0BP2Ga1t2nxi9uB_Yzs51GAvg@mail.gmail.com> <55352067.6070007@nostrum.com> <CAOJ7v-3919WLP4rJPU4-510vAAvqep54aJPxULNQeTYZCrqHVg@mail.gmail.com>
In-Reply-To: <CAOJ7v-3919WLP4rJPU4-510vAAvqep54aJPxULNQeTYZCrqHVg@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AuthUser: randell@jesup.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/mV3Fd5Budfox4M2Xo6Tc9TRrea0>
Subject: Re: [rtcweb] New proposal for IP address handling in WebRTC
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2015 06:12:06 -0000
On 4/22/2015 8:14 PM, Justin Uberti wrote: > On Mon, Apr 20, 2015 at 8:51 AM, Adam Roach <adam@nostrum.com > <mailto:adam@nostrum.com>> wrote: > > > If we turn your proposed behavior on by default, we're doing the > equivalent of putting a locked deadbolt on the bathroom window > while leaving the front door unlocked, open, and made out of > cardboard. > > So I'm all for including this ability as something that users can > turn on, and I'd be happy to brainstorm ways to expose this to > users in ways other than deep, dark prefs tweaking. But I think it > would be a very detrimental overreaction to hobble WebRTC by > default just to solve a problem for a tiny fraction of users. > > > I certainly understand this position. But I wonder if we are > overestimating the downside and underestimating the upside. > > My sense is that any service degradation will be mainly limited to > cases where the user is using a VPN for work, and media ends up > tunnelled where it would otherwise go direct. But pretty much all the > other cases result in the same routing as in our current > implementations. And even cases where routing is suboptimal could > perhaps be resolved by adding an explicit permission request for full > interface access. Are you thinking of a constraint on new RTCPeerConnection? (or createOffer...) Or something separate from a specific PeerConnection, since certain patterns will result in the same page making a series of PeerConnections (in parallel or series). We don't want a page to repeatedly have to request access... Of course, #include <user/dialog/blindness>, but it would be (somewhat!) safer-by-default, modulo Adam's cardboard analogy limiting the total effectiveness. And of course the point being made here is that there's a difference here between successfully fingerprinting someone, and identifying their external DHCP address that can lead to a knock on the door. Of course, if the attacker is halfway competent, successfully fingerprinting someone (without external IP) is most of the work required to knock on the door (since you can then take that fingerprint and match it against zillions of other records which identify the fingerprint as Joe Shmoe, 123 Main St - so the front door really is made of cardboard). > Regarding upside, these issues are very complex and hard to explain > even to technical people unless they have a comms background. This > leads to widespread confusion and misleading pronouncements, which > could become a headwind for WebRTC adoption. True - regardless of the facts, if it's seen as "dangerous", it will hurt. Of course, it silently and inexplicably sucking for a major (though far from majority) class of users will hurt too. If there's some way to make it not silent about sucking, that would help a lot in shifting the balance. Ideas? -- Randell Jesup -- rjesup a t mozilla d o t com
- [rtcweb] New proposal for IP address handling in … Justin Uberti
- Re: [rtcweb] New proposal for IP address handling… Simon Perreault
- Re: [rtcweb] New proposal for IP address handling… Harald Alvestrand
- Re: [rtcweb] New proposal for IP address handling… Roman Shpount
- Re: [rtcweb] New proposal for IP address handling… Kaiduan Xie
- Re: [rtcweb] New proposal for IP address handling… Philipp Hancke
- Re: [rtcweb] New proposal for IP address handling… Adam Roach
- Re: [rtcweb] New proposal for IP address handling… Randell Jesup
- Re: [rtcweb] New proposal for IP address handling… Simon Perreault
- Re: [rtcweb] New proposal for IP address handling… Adam Roach
- Re: [rtcweb] New proposal for IP address handling… Martin Thomson
- Re: [rtcweb] New proposal for IP address handling… Harald Alvestrand
- Re: [rtcweb] New proposal for IP address handling… Martin Thomson
- Re: [rtcweb] New proposal for IP address handling… Harald Alvestrand
- Re: [rtcweb] New proposal for IP address handling… Martin Thomson
- Re: [rtcweb] New proposal for IP address handling… Justin Uberti
- Re: [rtcweb] New proposal for IP address handling… Tim Panton
- Re: [rtcweb] New proposal for IP address handling… Ted Hardie
- Re: [rtcweb] New proposal for IP address handling… tim panton
- Re: [rtcweb] New proposal for IP address handling… carlo von lynX
- Re: [rtcweb] New proposal for IP address handling… Bjoern Hoehrmann
- Re: [rtcweb] New proposal for IP address handling… Martin Thomson
- [rtcweb] Effectiveness of first-party vs third-pa… Harald Alvestrand
- Re: [rtcweb] New proposal for IP address handling… Justin Uberti
- Re: [rtcweb] New proposal for IP address handling… Randell Jesup
- Re: [rtcweb] New proposal for IP address handling… Cullen Jennings
- [rtcweb] Prompt for mic, camera *and* network acc… carlo von lynX
- Re: [rtcweb] Prompt for mic, camera *and* network… tim panton
- Re: [rtcweb] Prompt for mic, camera *and* network… Sergio Garcia Murillo
- Re: [rtcweb] Prompt for mic, camera *and* network… Daniel Roesler
- Re: [rtcweb] Prompt for mic, camera *and* network… carlo von lynX
- Re: [rtcweb] Prompt for mic, camera *and* network… tim panton
- Re: [rtcweb] Prompt for mic, camera *and* network… Harald Alvestrand
- Re: [rtcweb] Prompt for mic, camera *and* network… carlo von lynX
- Re: [rtcweb] Prompt for mic, camera *and* network… Matthew Kaufman
- Re: [rtcweb] Prompt for mic, camera *and* network… Randell Jesup
- [rtcweb] Dreaming of serverless P2P over the web carlo von lynX
- Re: [rtcweb] Prompt for mic, camera *and* network… Tim Panton
- Re: [rtcweb] Prompt for mic, camera *and* network… Tim Panton
- Re: [rtcweb] Prompt for mic, camera *and* network… Tim Panton new
- Re: [rtcweb] Prompt for mic, camera *and* network… carlo von lynX
- Re: [rtcweb] Prompt for mic, camera *and* network… Roman Shpount
- Re: [rtcweb] Prompt for mic, camera *and* network… Justin Uberti
- Re: [rtcweb] Prompt for mic, camera *and* network… Adam Roach
- Re: [rtcweb] Prompt for mic, camera *and* network… Daniel Roesler
- Re: [rtcweb] Prompt for mic, camera *and* network… Justin Uberti
- Re: [rtcweb] Prompt for mic, camera *and* network… Roman Shpount
- Re: [rtcweb] Prompt for mic, camera *and* network… Stephen Farrell
- Re: [rtcweb] Prompt for mic, camera *and* network… Göran Eriksson AP
- Re: [rtcweb] Prompt for mic, camera *and* network… Eric Rescorla
- Re: [rtcweb] Prompt for mic, camera *and* network… carlo von lynX
- Re: [rtcweb] Prompt for mic, camera *and* network… carlo von lynX
- Re: [rtcweb] Prompt for mic, camera *and* network… Matthew Kaufman
- Re: [rtcweb] Prompt for mic, camera *and* network… Philipp Hancke
- Re: [rtcweb] Prompt for mic, camera *and* network… Philipp Hancke