IETF Logo Mail Archive

Re: [rtcweb] I-D Action: draft-ietf-rtcweb-ip-handling-05.txt

Justin Uberti <juberti@google.com> Tue, 27 February 2018 06:54 UTC

Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C72A6124BAC for <rtcweb@ietfa.amsl.com>; Mon, 26 Feb 2018 22:54:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.709
X-Spam-Level:
X-Spam-Status: No, score=-2.709 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D0o7_iPV6xXl for <rtcweb@ietfa.amsl.com>; Mon, 26 Feb 2018 22:54:20 -0800 (PST)
Received: from mail-vk0-x22e.google.com (mail-vk0-x22e.google.com [IPv6:2607:f8b0:400c:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48A611243F3 for <rtcweb@ietf.org>; Mon, 26 Feb 2018 22:54:20 -0800 (PST)
Received: by mail-vk0-x22e.google.com with SMTP id x125so11520256vkc.13 for <rtcweb@ietf.org>; Mon, 26 Feb 2018 22:54:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=2EuAEGq/vesvP2lV3g0gV3BocC7OvURM/gOKQklvc0A=; b=gdXmpFpJlfxlQPdsgkv2J5/wjkcaxepnhlNX7RupOpfKiP8/JVkvC3ZbUqiC0rRF8V KoU6H4u5zNalr/hBQrvH/7Dl0ofUO69ve0Oobp0opDi3neH970pGbnLMsvyUtWlt/ZZb w8+qO8zyBcuaUND8EchRcT1LB+gMVeDehk1t0w8nVOf6oZ9wMr4GFqmtjznSusKqy55A 97phDgBRUwgFEBWPuJBon5eOxJM2ydL8uJxBiqi+ZQyabCmHfxbBv4uFgghjVatc2A0U +CNctyRzswA2dAEcLkDJ0H9R7GiHQBc9pHg3tvD/bYGJAz/CYdpX3gc4x5YG95gMEAkN DvOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=2EuAEGq/vesvP2lV3g0gV3BocC7OvURM/gOKQklvc0A=; b=f4pvqpSw7HOXBLz+7CL+lmzNT2/UkLmZ98urz3rU+bDxfcRinBvSkibNVVmoMj25eX k5vhSbgGyeaFsKGknYmXTrrvxf0SAjCRHVjhXJ3qFNFTMhfwLrmswFZPZzENaO6Wl34s OCbOaec+oLTUDB4ltApWRnaWC82kqtx/4rxPglcJ0iBvBC/O9Ou+rzDzcptwGk9f7R30 qvD15Q27UWHzqC/ZchnpPDD8vYjn+neZWO47FXsVOoESpXUEH64Ww02e5Y2Lcth90Xsu u31FpKW0zrLttttPkEJCX0QCAgcsQnooP3UyD3+ZzS41Ffd83hYBAzxs3i3UOAe/01yJ NyCw==
X-Gm-Message-State: APf1xPD272LGg0Xbhj1TpZwV/QqsdyUjuvX7okwYxNMnfjJH28YesVKz JLUdDnh9lnG/n6oGG7jH99bMB6eHid/UtdTfh+3muv48g5s=
X-Google-Smtp-Source: AG47ELvv3spFM0LQgdh10QoX9AvP0b35Kx6cHLaWRrbHcAEMqJPVCZtapXeJnZ6JxF1i+n2vTODP75iHDcNWipEBMEM=
X-Received: by 10.31.208.7 with SMTP id h7mr9926367vkg.71.1519714458683; Mon, 26 Feb 2018 22:54:18 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.167.206 with HTTP; Mon, 26 Feb 2018 22:53:58 -0800 (PST)
In-Reply-To: <FBBAE2EF-7BCF-4DFD-B760-F054971BFCF9@sn3rd.com>
References: <151833965150.17077.13014329219354900316@ietfa.amsl.com> <f3712b9f-f7dd-27b1-a9aa-3c7fceb1008e@cs.tcd.ie> <1a280595-e04d-33af-2cfc-454563131481@alvestrand.no> <5acebff2-364c-45f2-c92a-992ba88f47ef@cs.tcd.ie> <CAOJ7v-1-W+AKe2nF02m+O8iDovioB4vDdwviNKgOmrLUCxjxiQ@mail.gmail.com> <FBBAE2EF-7BCF-4DFD-B760-F054971BFCF9@sn3rd.com>
From: Justin Uberti <juberti@google.com>
Date: Mon, 26 Feb 2018 22:53:58 -0800
Message-ID: <CAOJ7v-1VoiuaY5L2jvM8zZ7HZszPQxka9aE4MU0tU9HtiD0pOw@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, RTCWeb IETF <rtcweb@ietf.org>
Content-Type: multipart/alternative; boundary="001a114bcaa079241f05662c1855"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/nGQdV_qCLcLM8LShTZT89WXvT_w>
Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-ip-handling-05.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2018 06:54:24 -0000

PTAL at https://github.com/juberti/draughts/pull/96, which tries to explain
that implementations may choose different defaults a bit more clearly.

On Tue, Feb 13, 2018 at 7:06 PM, Sean Turner <sean@sn3rd.com> wrote:

>
>
> > On Feb 13, 2018, at 15:46, Justin Uberti <juberti@google.com> wrote:
> >
> >
> >
> > On Mon, Feb 12, 2018 at 3:12 AM, Stephen Farrell <
> stephen.farrell@cs.tcd.ie> wrote:
> >
> > Hiya,
> >
> > On 12/02/18 09:26, Harald Alvestrand wrote:
> > > Den 12. feb. 2018 00:24, skrev Stephen Farrell:
> > >>
> > >> I forget if this was explicitly discussed before. Apologies if
> > >> it was.
> > >>
> > >> I consider the following text ridiculous:
> > >>
> > >>    "Mode 1 MUST only be used when user consent has
> > >>     been provided;"
> > >>
> > >> The reason is that it is not possible for all WebRTC users to
> > >> ever provide real consent to something dealing with which IP
> > >> addresses are used in ICE. So assuming consent is just BS, as
> > >> people cannot provide consent to something they do not understand.
> > >> (And that won't be explained by their systems or s/w.)
> > >>
> > >> For me, that means that this draft will appear pretty much as a
> > >> fig leaf, intended by us technologists to allow us to pretend
> > >> we're doing the right thing, when we're not. I think that's not
> > >> really that useful.
> > >>
> > >> Is it really too late to try fix the concept of consent that's
> > >> (ab)used in WebRTC?
> > >
> > > I'm sorry, but I don't agree with you on this point.
> >
> > Fair enough.
> >
> > >
> > > The decision to go for these modes was based on the theory that if the
> > > user has already consented to the near-perfect tracking abilities that
> > > are implicit in offering a video stream (tracking camera defects, for
> > > instance), and all the information that can be gleaned from a live
> audio
> > > stream, then the idea of protecting the user against tracking by
> > > restricting access to his IP addresses became of so little value that
> it
> > > was moot and was worth trading away for better performance of the
> > > functions the user asked for.
> >
> > I understand that logic. It does however seem to have caused
> > issues for at least some people who don't agree that the this
> > leakage is moot. I'm not claiming that all such claims are
> > well founded, but I think at least some are.
> >
> > So this document tries to address two sets of issues:
> > a) leakage in contexts when the user is not intentionally using a WebRTC
> application
> > b) leakage in contexts when the user is intentionally using a WebRTC
> application
> >
> > The 'consent' discussion is focused around a), with the result being
> that the ISP address will not be provided when using a VPN unless the user
> has consented to use of their camera. The WG went back and forth and came
> to a rough consensus on this being a reasonable solution to the problem.
> >
> > However, b) is also discussed in the document, and browsers could
> implement their own local policy, e.g., their own default or perhaps a
> preference to exclusively use Mode 2, regardless of webcam consent.
> >
> > Such an approach wouldn't provide as much nuance as your suggested
> per-interface permission list, but there already are examples of this
> (various browser extensions that set the ip-handling mode), and I think we
> can all admit that asking OSes to indicate which interfaces are OK to use
> for ICE would be a long-term project.
> >
> > If it would help, I could rework the section around the recommended
> defaults to make it clear that users or browsers could choose not to use
> Mode 1, and/or discuss the defaults and how they relate to a)/b) above.
>
> Justin: Since you offered ;) Go ahead and take a stab at it.
>
> Everybody: Hoping this won’t be too controversial since it appeared that
> we were getting very close to being done with this draft.
>
> > > Explanations about what the IP address is for and how it is used
> doesn't
> > > matter in this argument. The point is that the user has already agreed
> > > to a degree of invasion of privacy that a) is perfectly understandable,
> > > and b) is of significantly more significance than what's being
> discussed
> > > here.
> > >
> > > Unfortunately the way in which documents depend on each other, and the
> > > degree to which it's desirable to have each area of concern be
> described
> > > on its own, make it hard to state this in the document as explicitly as
> > > I do when discussing it.
> > >
> > > This thread re-raises an issue that has been hashed over many times,
> and
> > > I believe the current draft represents the (rough) consensus of the WG
> > > on this matter.
> >
> > I'm willing to accept that I'm in the rough in terms of how
> > the WG is using the term "consent."
> >
> > Nonetheless, if the term can be avoided here, then I still
> > think that'd be an improvement.
>
> Stephen: The only thing I’d add to Harald's point is that this draft
> hasn’t yet been through WGLC, but the draft has basically had the same
> recommendations since before it was a WG draft (the draft was adopted about
> two years ago).  Namely, Mode 1 (enumerate all addresses) is recommended
> only if the user has done something explicit else Mode 2 (default route +
> associated local addresses) is recommended.  While Justin might be
> reworking the section around the recommended defaults, I don’t think the
> recommended defaults are going to change (unless of course there’s a pretty
> substantial outcry that’s going to upset what appeared to be the emerging
> rough consensus).
>
> spt

v2.23.0 | Report a Bug | By Email