[rtcweb] WG last call comments on use-case and requirement document, “hide IP address”
Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com> Mon, 29 April 2013 14:07 UTC
Return-Path: <stefan.lk.hakansson@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B5B021F9080 for <rtcweb@ietfa.amsl.com>; Mon, 29 Apr 2013 07:07:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.949
X-Spam-Level:
X-Spam-Status: No, score=-5.949 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KMgqHgyZGgn9 for <rtcweb@ietfa.amsl.com>; Mon, 29 Apr 2013 07:07:04 -0700 (PDT)
Received: from mailgw7.ericsson.se (mailgw7.ericsson.se [193.180.251.48]) by ietfa.amsl.com (Postfix) with ESMTP id B23C421F99EC for <rtcweb@ietf.org>; Mon, 29 Apr 2013 07:07:01 -0700 (PDT)
X-AuditID: c1b4fb30-b7f266d000000cb5-b0-517e7e7d9b98
Received: from esessmw0184.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw7.ericsson.se (Symantec Mail Security) with SMTP id 4C.51.03253.D7E7E715; Mon, 29 Apr 2013 16:06:54 +0200 (CEST)
Received: from [150.132.141.119] (153.88.115.8) by esessmw0184.eemea.ericsson.se (153.88.115.82) with Microsoft SMTP Server id 8.3.279.1; Mon, 29 Apr 2013 16:06:53 +0200
Message-ID: <517E7E7D.1040905@ericsson.com>
Date: Mon, 29 Apr 2013 16:06:53 +0200
From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrMJMWRmVeSWpSXmKPExsUyM+JvrW5dXV2gwfezzBZr/7WzOzB6LFny kymAMYrLJiU1J7MstUjfLoEr4/61PsaCLumKc83vWRoYr4l3MXJySAiYSBz6uIwFwhaTuHBv PVsXIxeHkMApRolPpyaxQjhrGSUaZ6wGynBw8ApoS1yalgZisgioSmzv4QMx2QSCJWZMMQIZ IyoQJfHv7W5GEJtXQFDi5MwnYONFBNQlLj+8wA4yUVhgNqPE4yPvwSYyC9hLPNhaBlLDLCAv 0bx1NjOILSSgK/Hu9T3WCYx8s5CMmoXQMQtJxwJG5lWM7LmJmTnp5eabGIEBc3DLb4MdjJvu ix1ilOZgURLnnSFVGSgkkJ5YkpqdmlqQWhRfVJqTWnyIkYmDU6qBUdaSJ9nuiPFDq+6j0wIz FdwVDheudBZhCQ+5yOK/5tRvyxPCaQ+fVP7mNFhxR9l55vfcl6fvcZ2/x6Vpkizm/sPowobD Ju1Wf6pYP+zJSE1yTQjtM/7o36blfMl6gqK0xc+c7MKjRw5uX6k5IeRjusim17clqrJebI86 cfVh1zwb6cxDZ1/6KrEUZyQaajEXFScCAI5e5OzmAQAA
Subject: [rtcweb] WG last call comments on use-case and requirement document, “hide IP address”
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2013 14:07:05 -0000
This relates to the comments to the WG last call of the use-cases and requirements document [1]. This is a discussion starting from A25 “ It must be possible for the application to refrain from exposing the IP address”. Discussed a lot ([2]-[24]). I think there are several aspects here that are discussed, and we need to separate them to enable a more fruitful discussion. The browser being configured to not reveal addresses applies to at least the following cases: 1) Private domain with NAT where the internal structure should be hidden can configure their browsers to not reveal that inner structure by only providing relay or NAT external candidates, none from the private space. 2) An user wants to avoid having their actual location revealed to any other user of the same service. 3) The user wants to be prevent revealing their point of attachment to the network even to the web service. This results in different functional requirements 1) Requires browser support but also configuration to determine which candidates are ok and which are not. It may be fine with server reflexive candidates and not only relay candidates 2) A browser could help, but is not required for this. The browser may have clearer understanding from where the different candidates were gotten and thus understand if they reflect a privacy issue or not. 3) Needs additional anonymity service, like TOR and something that prevents any actual interface addresses to be revealed to the web-app. I think 3) is out of scope (that is how I interpret the discussion), but it is not clear to me if we want to meet 1) or 2) or both with this requirement. I would like input on this topic. Stefan [1] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06136.html [2] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06198.html [3] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06219.html [4] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06220.html [5] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06221.html [6] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06222.html [7] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06223.html [8] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06233.html [9] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06234.html [10] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06235.html [11] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06236.html [12] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06238.html [13] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06240.html [14] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06241.html [15] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06245.html [16] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06247.html [17] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06248.html [18] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06253.html [19] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06256.html [20] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06259.html [21] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06260.html [22] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06261.html [23] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06262.html [24] http://www.ietf.org/mail-archive/web/rtcweb/current/msg06180.html
- [rtcweb] WG last call comments on use-case and re… Stefan Håkansson LK
- Re: [rtcweb] WG last call comments on use-case an… Bernard Aboba
- Re: [rtcweb] WG last call comments on use-case an… Martin Thomson