IETF Logo Mail Archive

Re: [rtcweb] Please require user consent for data channels

Simon Perreault <sperreault@jive.com> Mon, 20 July 2015 13:26 UTC

Return-Path: <sperreault@jive.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D16AF1A8844 for <rtcweb@ietfa.amsl.com>; Mon, 20 Jul 2015 06:26:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id akfDzL2f0AE8 for <rtcweb@ietfa.amsl.com>; Mon, 20 Jul 2015 06:26:53 -0700 (PDT)
Received: from mail-wi0-f182.google.com (mail-wi0-f182.google.com [209.85.212.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 149351A8846 for <rtcweb@ietf.org>; Mon, 20 Jul 2015 06:26:52 -0700 (PDT)
Received: by wibud3 with SMTP id ud3so87765902wib.1 for <rtcweb@ietf.org>; Mon, 20 Jul 2015 06:26:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=htSRN64enufVjMGr0wYXCuT5OkNZABj5Y379p+wJLdE=; b=dkaxrPoiC0MjhIwqfwi4ot6nq/rTsIkB/x5SC1Fza51uiVmkCVpmOhxCjadDh0FK5x 6DwKksfy50Hi+2EFmpPVPyWAqijK3mnZ9KxWvFjYDS/7dJUksxyuTDWGySSwk2hpXC6f IRs312pKypZKYnsSA/Vf+T8bJ7vtt+aXBdH4UuHk+o2CJ/RVDCkHq4b5vAumyejtxJlX NCeTdZ5YUY5i72t+whvofhCPQzU0wDlZ6KQpItlbEHBqgBPzoDvkiZLMaE72omBJ5Bie 95hFLUOwDnpOJ0mUbIeNEPFnP4cAdVp0qS1kMA3YyQLlaXjkKEC0ItoLLyv7dztMc+XO FYgg==
X-Gm-Message-State: ALoCoQkTxui+7wFiIMx+lOhe2BoqLVO35IqdKGEP1+dZWf19m8cvQ3awH2849pfa3rNu3xPx4ZWS
X-Received: by 10.194.58.199 with SMTP id t7mr57860008wjq.45.1437398810748; Mon, 20 Jul 2015 06:26:50 -0700 (PDT)
Received: from dhcp-b3b5.meeting.ietf.org ([2001:67c:370:176:8c28:2ddb:9d64:1c21]) by smtp.googlemail.com with ESMTPSA id pn6sm32011406wjb.36.2015.07.20.06.26.49 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 Jul 2015 06:26:49 -0700 (PDT)
Message-ID: <55ACF718.3010000@jive.com>
Date: Mon, 20 Jul 2015 15:26:48 +0200
From: Simon Perreault <sperreault@jive.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Tim Panton <tim@phonefromhere.com>
References: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com> <55A95364.2070806@gmail.com> <CAOJ7v-3t9BQabR2e4EHs4G0Sec4sU9DFC2aiSXXYrat+an+RYg@mail.gmail.com> <55A96DA3.1040907@gmail.com> <CAOJ7v-1ui7349NzK6NZNRHPbnHWZajctk4cDgMKqRZSv47EYdA@mail.gmail.com> <55A9860D.8030903@gmail.com> <CAOJ7v-3LGd32rnpFVW_U0s3+iVaJXsL4vt_YAo=cyp6YyOArdw@mail.gmail.com> <CALiegfmiS18Jux-kCgOhTKKiyGtMertj6xCegpFrox5NOf9EJg@mail.gmail.com> <CABkgnnW0Tmjqz823vKiF84_u6HasBJC7ERMYCO2HL_NPj5saTA@mail.gmail.com> <CALiegfkpbLy1QXxr-RRF0oOpVv1sWsFeab=vvC4iT4DnPtjKQw@mail.gmail.com> <CABkgnnVWcuhX2NjZgx87L+Uo6df6rEBWW73cxbaX3mu_VfHmCA@mail.gmail.com> <CALiegfkQWAn-jMrjhcDPA3rtowOPVk-S8z3c-jvjpNmjtf=3hA@mail.gmail.com> <CABkgnnWERM4oxozNCSvRf1o0Wm-d9Bjw=9B+xh_NJ+h6GfBJ6Q@mail.gmail.com> <7F818FAC-5559-4074-B1FC-EB9516A98FB7@phonefromhere.com> <55ACEA74.8050 300@jive.com> <13F9D9AE-7B6B-40DE-BDD7-DDED28382EAB@phonefromhere.com>
In-Reply-To: <13F9D9AE-7B6B-40DE-BDD7-DDED28382EAB@phonefromhere.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/xdXjczMvrMidw2XQJLQGJKxXJtg>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Please require user consent for data channels
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jul 2015 13:26:55 -0000

Le 2015-07-20 14:58, Tim Panton a écrit :
> If I understand correctly we bind to each and every interface
> that is up and send out packets to all remote candidates down _every_ interface,
> ignoring any preferences set by the admin in the local routing table which
> were set to ensure (say) only critical traffic is sent down certain interfaces.

I have difficulty understanding what it is that's bugging you. Is it the
signalling payload (i.e., sending the list of address), or is it the
connectivity checks that are done on all candidate pairs?

> I can think of some financial institutions who’s IDSs will go off when packets
> to public external addresses start turning up on internal LANS . (hopefully they 
> will get dropped at the egress router, but by then the IDS will have paged someone).

But that's not going to happen unless there's a route. I think there
could be a misunderstanding here. For example, if there's a VPN with a
10.0.0.0/8 route but no default route, the ICE client will *not* send a
request to a TURN server listening on 192.0.2.1 over the VPN interface.
That would make no sense whatsoever.

> Likewise my fantastically expensive BGAN link which is used for
> emergencies only will suddenly start carrying STUN requests irrespective of how I configure my
> routes ?

Only if it's possible to route the packet to the STUN server over the
BGAN link. There must be a route.

Simon

v2.23.0 | Report a Bug | By Email