IETF Logo Mail Archive

Re: [rtcweb] Please require user consent for data channels

Roman Shpount <roman@telurix.com> Mon, 20 July 2015 14:35 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B83011A88F2 for <rtcweb@ietfa.amsl.com>; Mon, 20 Jul 2015 07:35:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 587X_FxJ4xmY for <rtcweb@ietfa.amsl.com>; Mon, 20 Jul 2015 07:35:16 -0700 (PDT)
Received: from mail-ie0-f171.google.com (mail-ie0-f171.google.com [209.85.223.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F40731A890D for <rtcweb@ietf.org>; Mon, 20 Jul 2015 07:35:15 -0700 (PDT)
Received: by iehx8 with SMTP id x8so38785634ieh.3 for <rtcweb@ietf.org>; Mon, 20 Jul 2015 07:35:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=HRu0b806Y9D3JYhtnKfqk/WA7ARjJQuUUmpn6ghqXCs=; b=l0RB9+M9r6uaDKQBV9VdLLuCFvOrzGCuLB4zsEAnW1UmhaUJyOYYHox5GXv4q+LdpN aD/uE1denYjAjOdwpgH/R4dQBMli2zNQq1zXkFA8lZl+ZDTlTXNDeJkSA03mcMfYrEeY aYxn6faUzvsCEcELkRfBkIiztUFqEgabVb4ATGE6//GcfJsjO3OuASM4logMBXuHAVzN ZKl8quupSB7Lbr9WXFEHiptn722gDjiGpW47Jr2jKg7geCAOAVAhBbWsbtvrWNElWhHy QnufwG4jvxk28xtfmQDzv+GECzuUXrouYBQEwOSVrT4szPuXahzQuVqgtmllSAGf54D3 e2vQ==
X-Gm-Message-State: ALoCoQlKe2zfxYE3NCt7Un0B4JdFzAszuLNWHBse/Z0opjP63IxJUvHsKoWLgbf6TgPCfHbm1xKf
X-Received: by 10.107.3.224 with SMTP id e93mr29389802ioi.160.1437402913898; Mon, 20 Jul 2015 07:35:13 -0700 (PDT)
Received: from mail-ig0-f169.google.com (mail-ig0-f169.google.com. [209.85.213.169]) by smtp.gmail.com with ESMTPSA id w4sm5329221igl.22.2015.07.20.07.35.12 for <rtcweb@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 Jul 2015 07:35:12 -0700 (PDT)
Received: by igvi1 with SMTP id i1so78076639igv.1 for <rtcweb@ietf.org>; Mon, 20 Jul 2015 07:35:11 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.107.7.214 with SMTP id g83mr40841337ioi.28.1437402539913; Mon, 20 Jul 2015 07:28:59 -0700 (PDT)
Received: by 10.36.89.70 with HTTP; Mon, 20 Jul 2015 07:28:59 -0700 (PDT)
In-Reply-To: <55AABE28.8070105@jive.com>
References: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com> <CAOJ7v-24VCW6kkn7LOLkqZzhYEU0r=nmd_F7Zns1rnyqKN6xAg@mail.gmail.com> <55A95364.2070806@gmail.com> <CAOJ7v-3t9BQabR2e4EHs4G0Sec4sU9DFC2aiSXXYrat+an+RYg@mail.gmail.com> <55A96DA3.1040907@gmail.com> <CAOJ7v-1ui7349NzK6NZNRHPbnHWZajctk4cDgMKqRZSv47EYdA@mail.gmail.com> <55A9860D.8030903@gmail.com> <CAOJ7v-3LGd32rnpFVW_U0s3+iVaJXsL4vt_YAo=cyp6YyOArdw@mail.gmail.com> <CALiegfmiS18Jux-kCgOhTKKiyGtMertj6xCegpFrox5NOf9EJg@mail.gmail.com> <CABkgnnW0Tmjqz823vKiF84_u6HasBJC7ERMYCO2HL_NPj5saTA@mail.gmail.com> <CALiegfkpbLy1QXxr-RRF0oOpVv1sWsFeab=vvC4iT4DnPtjKQw@mail.gmail.com> <CABkgnnVWcuhX2NjZgx87L+Uo6df6rEBWW73cxbaX3mu_VfHmCA@mail.gmail.com> <CALiegfkQWAn-jMrjhcDPA3rtowOPVk-S8z3c-jvjpNmjtf=3hA@mail.gmail.com> <CABkgnnWERM4oxozNCSvRf1o0Wm-d9Bjw=9B+xh_NJ+h6GfBJ6Q@mail.gmail.com> <CAD5OKxt-DZCGFECv2UYH8g0fD6EAk39cdpWD-CsN_ED6L4hfKg@mail.gmail.com> <CALiegf=zM54gNjgj65VYV5H3tS-iV5Kg0PrBeF7svYRYZ-JLPw@mail.gmail.com> <55AABE28.8070105@jive.com>
Date: Mon, 20 Jul 2015 10:28:59 -0400
Message-ID: <CAD5OKxvAoHWuhXSMpAkOQ4sbkZCbne=z9kEHuYaFEZy_zLqNDg@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Simon Perreault <sperreault@jive.com>
Content-Type: multipart/alternative; boundary="001a113f911cca7a25051b4f5ba5"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/uQt1tB4yXPHCUMetN5qTikm9na0>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Please require user consent for data channels
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jul 2015 14:35:21 -0000

On Sat, Jul 18, 2015 at 4:59 PM, Simon Perreault <sperreault@jive.com>
wrote:

> This is a concept that was explained during the ICE tutorial that was
> presented at IETF 92.
>
> Imagine the following multihomed host with three interfaces:
>
> - Wi-fi interface with default route.
> - Wired interface with default route.
> - VPN interface with default route.
>

On the multihomed host, all the default routes will have different metrics.
In some cases these metrics are automatically calculated by OS. In some
cases, they are set by the system administrator. In either case, ICE
ignores the metric value and tries to route over all interfaces. This is
unexpected and can be considered a violation of the local policy (i.e. if
administrator added a route with a lower metric, it expects it to be used).
No other browser protocol does this.


> Which one should you use to talk to the STUN/TURN server? If you bind to
> 0.0.0.0 then the kernel *will* pick one, but only because it *has to.
> All three interfaces are equivalent: they all have a default route and
> can a priori be used to talk to the server.
>

See above, this is not the case. All interfaces have a default route but
they are not equal. If they were equal, OS will round robin among them.

Being multihomed means multiple interfaces with a default route. There's
> no "going against the local policy" in this case when sending packets on
> any interface.
>

Once again, this is not the case. Metric value on the interface is local
policy and should be respected.


> The point is that in this case, all three interfaces can potentially
> yield different server-reflexive candidates, which is why they must be
> gathered separately. As for relayed candidates, they also need to be
> gathered separately because some interfaces may be faster for talking to
> the TURN server and it is useful to compare the candidates gathered on
> all 3 interfaces. Also nothing guarantees that you're allowed to reach
> the server server on any interface that has a default route, so you need
> to try them all.
>

This is a policy decision on the local computer. As a network administrator
I should be able to specified the preferred default route. It does not mean
that I should remove the default routes for all the other interfaces.
Setting a metric should be enough. On the other hand, if I prefer the
browser to pick the best connection on its own, I should be able to allow
this as well, but this is going to be a much less common case. Taking into
account potential privacy or financial implications of this choice, I think
the browser should error on the side of caution.

_____________
Roman Shpount

v2.23.0 | Report a Bug | By Email