IETF Logo Mail Archive

Re: [rtcweb] Transports: RFC 4941 support?

Harald Alvestrand <harald@alvestrand.no> Fri, 21 March 2014 08:16 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59B511A095A for <rtcweb@ietfa.amsl.com>; Fri, 21 Mar 2014 01:16:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.446
X-Spam-Level:
X-Spam-Status: No, score=-2.446 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pg1gzhr5llbM for <rtcweb@ietfa.amsl.com>; Fri, 21 Mar 2014 01:16:02 -0700 (PDT)
Received: from mork.alvestrand.no (mork.alvestrand.no [158.38.152.117]) by ietfa.amsl.com (Postfix) with ESMTP id 492411A08B6 for <rtcweb@ietf.org>; Fri, 21 Mar 2014 01:16:02 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mork.alvestrand.no (Postfix) with ESMTP id 5DF097C4A70; Fri, 21 Mar 2014 09:15:52 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at alvestrand.no
Received: from mork.alvestrand.no ([127.0.0.1]) by localhost (mork.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HePXl60VnOoF; Fri, 21 Mar 2014 09:15:50 +0100 (CET)
Received: from [172.30.42.84] (c-58f0e555.03-217-73746f1.cust.bredbandsbolaget.se [85.229.240.88]) by mork.alvestrand.no (Postfix) with ESMTPSA id C04EA7C0CC2; Fri, 21 Mar 2014 09:15:50 +0100 (CET)
Message-ID: <532BF536.2060505@alvestrand.no>
Date: Fri, 21 Mar 2014 09:15:50 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Dan Wing <dwing@cisco.com>
References: <CAOJ7v-0Hw0NFs_avsB2Z8do21BCws2LRZSeSh6HP0t455SPXyw@mail.gmail.com> <B6836FFA-867A-4CBF-9855-D265425EC5E1@cisco.com> <CAOqqYVE=i2L7FxGgKuV0DVaaxYOPnxzSEbDoq0_4Tqapna575g@mail.gmail.com> <CD747481-EBDA-4FFC-A31D-618E6E217420@cisco.com> <5329B617.2070001@alvestrand.no> <17885A74-50A3-49E3-8C54-E53C55019C73@cisco.com>
In-Reply-To: <17885A74-50A3-49E3-8C54-E53C55019C73@cisco.com>
X-Enigmail-Version: 1.6
Content-Type: multipart/alternative; boundary="------------080203040305080106000402"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/yNkHymBpfIhrCq2rD1YhFxjBuEo
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Transports: RFC 4941 support?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 08:16:08 -0000

On 03/20/2014 03:52 PM, Dan Wing wrote:
>
> On Mar 19, 2014, at 8:21 AM, Harald Alvestrand <harald@alvestrand.no
> <mailto:harald@alvestrand.no>> wrote:
>
>> On 03/19/2014 04:08 PM, Dan Wing wrote:
>>>
>>> On Mar 19, 2014, at 12:02 AM, Harald Alvestrand <hta@google.com
>>> <mailto:hta@google.com>> wrote:
>>>
>>>> I'd like to be silent on the issue, since which IPv6 addresses to
>>>> prefer is likely to be a matter of system policy. Trying to
>>>> override system policy in an application specific profile usually
>>>> leads to sadness.
>>>
>>> The application needs to indicate if it wants a temporary address.
>>> If the host's policy (or configuration or network) does not support
>>> temporary addresses, the application won't get a temporary address.
>>>  I don't see why being silent helps?
>>
>> What API is it using?
>>
>> With a little Googling, the system policy I was thinking of was the
>> policy in RFC 6724 ("Default Address Selection for IPv6"), in
>> particular section 5 rule 7: "Prefer  temporary addresses".
>>
>> I'm happy to say "it is a good idea for systems to implement the
>> recommendations of RFC 6724" (or some more 2119-like language). I
>> wouldn't want to claim that if a system has chosen to prefer
>> non-temporary addresses, it would have to change its non-conformance
>> to RFC 6724 in order to be conformant with RTCWEB specifications.
>
> So perhaps:
>    "An RTCWEB implementation SHOULD prefer to use temporary addresses
> [RFC4941] where host and network policy permit [RFC6724]."
> ?
Or even be more explicit on what's being proposed:

"When a client gathers all IPv6 addresses on a host, and both temporary
addresses [RFC4941] and permanent addresses of the same scope are
present, the client SHOULD discard the permanent addresses before
forming pairs. This is consistent with the default policy described in
[RFC6724]."


Pulling back a little, I am starting to wonder if this is an ICE concern
rather than an RTCWEB concern. The explosion in candidate pairs as more
transport / network options come on line is a real operational problem,
and needs to be solved for all ICE usages.

I'll stick something in -transport, but RTCWEB is not the only thing
that will have this problem.


>
> -d
>
>
>>
>>>
>>> -d
>>>
>>>
>>>>
>>>>
>>>>
>>>> On Wed, Mar 19, 2014 at 6:14 AM, Dan Wing <dwing@cisco.com
>>>> <mailto:dwing@cisco.com>> wrote:
>>>>
>>>>
>>>>     On Mar 18, 2014, at 6:00 PM, Justin Uberti <juberti@google.com
>>>>     <mailto:juberti@google.com>> wrote:
>>>>
>>>>>     https://tools.ietf.org/html/rfc4941 defines the concept of
>>>>>     temporary IPv6 addresses. For, example, as enumerated on my
>>>>>     local system:
>>>>>
>>>>>     inet 172.31.x.y netmask 0xfffffe00 broadcast 172.31.x.255
>>>>>     inet6 2620::1008:100b:e2f8:47ff:wwww:xxxx prefixlen 64 autoconf 
>>>>>     inet6 2620::1008:100b:819e:1d3f:yyyy:zzzz prefixlen 64
>>>>>     autoconf *temporary *
>>>>>
>>>>>     As indicated in the RFC, the temporary addresses expire after
>>>>>     hours or days, and therefore could be used to prevent
>>>>>     long-term linkability of sessions. Expiration shouldn't be an
>>>>>     issue for WebRTC, since we can simply do ICE restart if this
>>>>>     occurs during a session.
>>>>>
>>>>>     Is this something we want to recommend in the transports doc?
>>>>
>>>>     Yes.
>>>>
>>>>     And it should be as frequent as every new 'call', if IPv6
>>>>     privacy addresses are to provide the same privacy as a NAPT44,
>>>>     as a NAPT44 should be assigning random ports per reasons
>>>>     described in RFC6056.
>>>>
>>>>     The transport document should also recommend doing port
>>>>     randomization (RFC6056), as that was found pretty useful for
>>>>     DNS, but randomizing ports is still not popular with many OS's
>>>>     TCP stacks for whatever reason.
>>>>
>>>>     -d
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> rtcweb mailing list
>>> rtcweb@ietf.org
>>> https://www.ietf.org/mailman/listinfo/rtcweb
>>
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org <mailto:rtcweb@ietf.org>
>> https://www.ietf.org/mailman/listinfo/rtcweb
>


-- 
Surveillance is pervasive. Go Dark.

v2.23.0 | Report a Bug | By Email