Re: [rtcweb] WG last call comments on use-case and requirement document, “hide IP address”
Bernard Aboba <bernard_aboba@hotmail.com> Mon, 29 April 2013 16:14 UTC
Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BABAC21F9E11 for <rtcweb@ietfa.amsl.com>; Mon, 29 Apr 2013 09:14:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.147
X-Spam-Level:
X-Spam-Status: No, score=-102.147 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, SARE_SUB_ENC_UTF8=0.152, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GmiCip9+vkr0 for <rtcweb@ietfa.amsl.com>; Mon, 29 Apr 2013 09:14:04 -0700 (PDT)
Received: from blu0-omc3-s36.blu0.hotmail.com (blu0-omc3-s36.blu0.hotmail.com [65.55.116.111]) by ietfa.amsl.com (Postfix) with ESMTP id 0815E21F9E10 for <rtcweb@ietf.org>; Mon, 29 Apr 2013 09:14:03 -0700 (PDT)
Received: from BLU405-EAS76 ([65.55.116.73]) by blu0-omc3-s36.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 29 Apr 2013 09:14:03 -0700
X-EIP: [42F/9c2yQNYGLCPLvxproOCG6dWiDpjG]
X-Originating-Email: [bernard_aboba@hotmail.com]
Message-ID: <BLU405-EAS7628F0E8BBCA73258096C693B20@phx.gbl>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
References: <517E7E7D.1040905@ericsson.com>
From: Bernard Aboba <bernard_aboba@hotmail.com>
MIME-Version: 1.0 (1.0)
In-Reply-To: <517E7E7D.1040905@ericsson.com>
Date: Mon, 29 Apr 2013 09:14:03 -0700
To: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
X-OriginalArrivalTime: 29 Apr 2013 16:14:03.0725 (UTC) FILETIME=[911737D0:01CE44F4]
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] WG last call comments on use-case and requirement document, “hide IP address”
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2013 16:14:04 -0000
For Case 2 there are real customers out there (e.g. Women's shelters, Forensic psychologists dealing with criminals, etc.) so I would favor including it. For case 1, I think we need a bit more detail on the adversary model. Is this the same as Case 2 (e.g. Hiding from another user, not the web server or STUN server?) I can imagine scenarios where granular candidate control would be useful. Not sure I would put all those cases in the privacy bucket, though. On Apr 29, 2013, at 7:12, "Stefan Håkansson LK" <stefan.lk.hakansson@ericsson.com> wrote: > > > This relates to the comments to the WG last call of the use-cases and requirements document [1]. > > This is a discussion starting from A25 “ It must be possible for the application to refrain from exposing the IP address”. > > Discussed a lot ([2]-[24]). I think there are several aspects here that are discussed, and we need to separate them to enable a more fruitful discussion. The browser being configured to not reveal addresses applies to at least the following cases: > > 1) Private domain with NAT where the internal structure should be hidden can configure their browsers to not reveal that inner structure by only providing relay or NAT external candidates, none from the private space. > > 2) An user wants to avoid having their actual location revealed to any other user of the same service. > > 3) The user wants to be prevent revealing their point of attachment to the network even to the web service. > > This results in different functional requirements > > 1) Requires browser support but also configuration to determine which candidates are ok and which are not. It may be fine with server reflexive candidates and not only relay candidates > > 2) A browser could help, but is not required for this. The browser may have clearer understanding from where the different candidates were gotten and thus understand if they reflect a privacy issue or not. > > 3) Needs additional anonymity service, like TOR and something that prevents any actual interface addresses to be revealed to the web-app. > > > I think 3) is out of scope (that is how I interpret the discussion), but it is not clear to me if we want to meet 1) or 2) or both with this requirement. I would like input on this topic. > > Stefan > > > [1] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06136.html > > [2] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06198.html > [3] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06219.html > [4] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06220.html > [5] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06221.html > [6] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06222.html > [7] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06223.html > [8] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06233.html > [9] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06234.html > [10] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06235.html > [11] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06236.html > [12] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06238.html > [13] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06240.html > [14] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06241.html > [15] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06245.html > [16] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06247.html > [17] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06248.html > [18] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06253.html > [19] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06256.html > [20] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06259.html > [21] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06260.html > [22] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06261.html > [23] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06262.html > [24] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06180.html > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] WG last call comments on use-case and re… Stefan Håkansson LK
- Re: [rtcweb] WG last call comments on use-case an… Bernard Aboba
- Re: [rtcweb] WG last call comments on use-case an… Martin Thomson