[rtcweb] tweaks for ip-handling language

Alissa Cooper <alissa@cooperw.in> Wed, 16 November 2016 07:26 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/xVOXTu7u92zW5OKvH1e1vLlQgEU>

This still needs the fix for “all possible candidates.”

OLD
Gathering all possible candidates SHOULD only be performed when some form of user consent has been provided; this thwarts the typical drive-by enumeration attacks.  The details of this consent are left to the implementation; one potential mechanism is to key this off getUserMedia consent.  The getUserMedia suggestion takes into account that the user has provided some consent to the application already; that when doing so the user typically wants to engage in a conversational session, which benefits most from an optimal network path, and lastly, the fact that the underlying issue is complex and difficult to explain, making explicit consent for enumeration troublesome.

NEW
Gathering all possible candidates MUST only be performed when some form of user consent has been provided; this thwarts the typical drive-by enumeration attacks.  The details of this consent are left to the implementation. One potential mechanism is to tie this consent to getUserMedia consent. Such a mechanism might be chosen based on the fact that the user has provided some consent to the application already; that when doing so the user typically wants to engage in a conversational session, which benefits most from an optimal network path, and lastly, the fact that the underlying issue is complex and difficult to explain, making explicit consent for enumeration troublesome.