Re: [rtcweb] WGLC Review of draft-ietf-ice-rfc5245bis-12 - Security Considerations Pull Request

Christer Holmberg <christer.holmberg@ericsson.com> Thu, 19 October 2017 12:40 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>, Harald Alvestrand <harald@alvestrand.no>, "ice@ietf.org" <ice@ietf.org>
CC: "rtcweb@ietf.org" <rtcweb@ietf.org>
Date: Thu, 19 Oct 2017 12:40:19 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/ngRVQJ7rCmF7zJdr1MWdX8MwJN4>

Hi,

The PR has been merged.

Regards,

Christer

-----Original Message-----
From: rtcweb [mailto:rtcweb-bounces@ietf.org] On Behalf Of Christer Holmberg
Sent: 18 October 2017 14:37
To: Harald Alvestrand <harald@alvestrand.no>; ice@ietf.org
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] WGLC Review of draft-ietf-ice-rfc5245bis-12 - Security Considerations Pull Request

Hi,

...

>> 
>>> * Security considerations should mention the problem that ICE
>>>reveals addresses that might otherwise remain hidden, and that this
>>>is a privacy concern.
>> 
>> I would be glad if someone could provide text for that, to make sure 
>> we get it right.
>
>The paragraph I suggested in the PDF was:
>
>"The process of probing for candidates reveals the source addresses of
>the client and its peer to any on-network listening attacker, and the
>process of exchanging candidates reveals the addresses to any attacker
>that is able to see the negotiation. Some addresses, such as the server
>reflexive addresses gathered through the local interface of VPN users,
>may be sensitive information. If these potential attacks can't be
>mitigated, the implementation may want to institute controls for which
>addresses are revealed to the negotiation and/or probing process. Such
>controls need to be specified as part of the ICE usage."
>
>Of course, that's only my suggestion.

Pull request created:

https://github.com/ice-wg/rfc5245bis/pull/49


Regards,

Christer
