Re: [rtcweb] Revealing IP addresses (Re: Review of draft-ietf-rtcweb-use-cases-and-requirements-10 (Part II))
Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com> Sat, 02 February 2013 12:56 UTC
Return-Path: <stefan.lk.hakansson@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7B7621F9069 for <rtcweb@ietfa.amsl.com>; Sat, 2 Feb 2013 04:56:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.916
X-Spam-Level:
X-Spam-Status: No, score=-5.916 tagged_above=-999 required=5 tests=[AWL=0.033, BAYES_00=-2.599, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cjm+ehufCZpp for <rtcweb@ietfa.amsl.com>; Sat, 2 Feb 2013 04:56:55 -0800 (PST)
Received: from mailgw7.ericsson.se (mailgw7.ericsson.se [193.180.251.48]) by ietfa.amsl.com (Postfix) with ESMTP id 8ECA121F900E for <rtcweb@ietf.org>; Sat, 2 Feb 2013 04:56:54 -0800 (PST)
X-AuditID: c1b4fb30-b7f0d6d000007e61-a9-510d0d153d84
Received: from esessmw0184.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw7.ericsson.se (Symantec Mail Security) with SMTP id 9F.42.32353.51D0D015; Sat, 2 Feb 2013 13:56:53 +0100 (CET)
Received: from [153.88.52.47] (153.88.115.8) by esessmw0184.eemea.ericsson.se (153.88.115.82) with Microsoft SMTP Server id 8.3.279.1; Sat, 2 Feb 2013 13:56:53 +0100
Message-ID: <510D0D14.4050301@ericsson.com>
Date: Sat, 02 Feb 2013 13:56:52 +0100
From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <50F97303.4070906@ericsson.com>, , , <CABkgnnWcqZ+dU+87djBQ0z47ufB-Go13mWyPi_ZQA8BPinQJEA@mail.gmail.com>, , <BLU002-W1705DC54006131B55B432A931F0@phx.gbl>, <BLU002-W210B8DBB897CAF5BECC501A931F0@phx.gbl>, <5109265F.6040106@ericsson.com> <BLU002-W123BE6BAA58BE0B26DEA28F931E0@phx.gbl> <510B9A41.8000804@ericsson.com> <510B9FD8.6000008@alvestrand.no> <510BB070.9040602@ericsson.com> <510CEAF9.6020509@alvestrand.no>
In-Reply-To: <510CEAF9.6020509@alvestrand.no>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrPJMWRmVeSWpSXmKPExsUyM+Jvra4oL2+gwfEeWYu1/9rZHRg9liz5 yRTAGMVlk5Kak1mWWqRvl8CV8fnuZqaCJeIVBzadYG1gnCLUxcjJISFgIrFrwXUWCFtM4sK9 9WxdjFwcQgInGSX2tc9jgnBWMkp8e3WQHaSKV0BbYseuHlYQm0VAReLe924mEJtNIFDi+v9f YLaoQJTE+6tNzBD1ghInZz4B2yAiICyx9VUvUA0Hh7BAhcSaVkeI+SuYJTa3zgKr5xTQldi+ 8TYbiM0sYCtxYQ7EdcwC8hLNW2eD1QgB1bx7fY91AqPALCQrZiFpmYWkZQEj8ypG9tzEzJz0 cvNNjMBAO7jlt8EOxk33xQ4xSnOwKInzhrteCBASSE8sSc1OTS1ILYovKs1JLT7EyMTBKdXA uL99aQFPreVE5hKRT58C9rzVl+yfWnOi89A/xbBdMeEWHaeeT/yappXwo0Yv+Xwvp+Cfpw+E ea+5FhZHizMVKZz/9Pnu/ctpQQ+erVVUrdTpMjEyKlhcY+91em5n6uzOv4zqUZYyfmsSViVX SpY4d0ooBOy08/3xRUTxnw3TYcHtztN/LvusxFKckWioxVxUnAgAur5ZkgICAAA=
Subject: Re: [rtcweb] Revealing IP addresses (Re: Review of draft-ietf-rtcweb-use-cases-and-requirements-10 (Part II))
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Feb 2013 12:56:55 -0000
On 2013-02-02 11:31, Harald Alvestrand wrote: > On 02/01/2013 01:09 PM, Stefan Håkansson LK wrote: >> On 2013-02-01 11:58, Harald Alvestrand wrote: >>> On 02/01/2013 11:34 AM, Stefan Håkansson LK wrote: >>>>> >>>>> A25 It must be possible for the application to >>>>> refrain from exposing the IP address >>>>> >>>>> [BA] I am assuming we are talking about exposing the originating IP >>>>> address of media, which can be addressed via TURN. >>>>> If so, this is more of a protocol than an API requirement. Since the >>>>> ICE candidates need to exposed in the API in >>>>> order to allow them to be signaled, I am not sure how we can avoid >>>>> exposing those to the application. Similarly, the >>>>> HTTP server can obtain the IP address used by the HTTP client. Even >>>>> within SIP, there are VIA headers and contact >>>>> headers, so it is not easy to avoid disclosure of the IP address to >>>>> everyone. So I think we need to be more clear >>>>> about what we are trying to avoid exposing, and to whom. >>>> >>>> Personally I would like to get rid of this requirement. The >>>> application can always get all candidates. To have a way to let the >>>> application ask for _only_ the TURN candidates does not change this - >>>> that kind of API is more for convenience (so that the app you trust >>>> does not have to remove privacy revealing candidates from the offer, >>>> but can instead ask the browser to deliver an offer without them). >>> I think this requirement is important, but needs reformulation. >>> >>> Should we instead say >>> >>> "It MUST be possible to set up a call between two parties A and B >>> without one party learning the other party's IP address" >> >> This requirement is not on the browser (or its APIs) per se, if we go >> this path it almost belongs into another category than what we >> currently have. > > I think it is, actually - the A browser has to be able to send media to > B without sending IP packets to B, which means that it has to use an > intermediary, and force B to use an intermediary too. TURN does that, we > could imagine other solutions (the people who made Tor could probably > think of many more schemes). OK. Here is a shot at it: Fnn: The browser MUST be able to send streams and data to a peer in such a fashion that the peer is not (e.g. by inspection of packets belonging to the streams or data or any associated signaling messages) able to find out the xxxxx IP address used by the browser There has been some discussion of xxxxx; is it needed, and if so, what should it say? "host"? "local"? > > The API requirement is that the application should be able to request > that functionality. Yes, that is simple if we could get Fnn done... > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Gunnar Hellstrom
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Gunnar Hellstrom
- [rtcweb] WG Last Call: draft-ietf-rtcweb-use-case… Magnus Westerlund
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Eggert, Lars
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Eggert, Lars
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Stefan Håkansson LK
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Harald Alvestrand
- Re: [rtcweb] Review of draft-ietf-rtcweb-use-case… Stefan Håkansson LK
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Cullen Jennings (fluffy)
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Martin Thomson
- [rtcweb] Review of draft-ietf-rtcweb-use-cases-an… Bernard Aboba
- [rtcweb] Review of draft-ietf-rtcweb-use-cases-an… Bernard Aboba
- [rtcweb] 2119 language in requirements (Re: Revie… Harald Alvestrand
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Harald Alvestrand
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Stefan Håkansson LK
- Re: [rtcweb] Review of draft-ietf-rtcweb-use-case… Stefan Håkansson LK
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Matthew Kaufman (SKYPE)
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Mary Barnes
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Harald Alvestrand
- Re: [rtcweb] Review of draft-ietf-rtcweb-use-case… Bernard Aboba
- Re: [rtcweb] Review of draft-ietf-rtcweb-use-case… Bernard Aboba
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Martin Thomson
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Martin Thomson
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Gunnar Hellstrom
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Harald Alvestrand
- [rtcweb] Wiretapping (Re: Review of draft-ietf-rt… Harald Alvestrand
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Barry Dingle
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Harald Alvestrand
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Martin Thomson
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Harald Alvestrand
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Stefan Håkansson LK
- Re: [rtcweb] Review of draft-ietf-rtcweb-use-case… Stefan Håkansson LK
- Re: [rtcweb] Review of draft-ietf-rtcweb-use-case… Stefan Håkansson LK
- [rtcweb] Revealing IP addresses (Re: Review of dr… Harald Alvestrand
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Stefan Håkansson LK
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Emil Ivov
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Bernard Aboba
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Barry Dingle
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Dale R. Worley
- Re: [rtcweb] Playing regulator Bernard Aboba
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Gunnar Hellstrom
- Re: [rtcweb] Playing regulator Gunnar Hellstrom
- Re: [rtcweb] Playing regulator Bernard Aboba
- Re: [rtcweb] Playing regulator Richard Shockey
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Harald Alvestrand
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Stefan Håkansson LK
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Harald Alvestrand
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Eric Rescorla
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Burger Eric
- Re: [rtcweb] Playing regulator Eric Burger
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Eric Rescorla
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Eric Burger
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Eric Rescorla
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Eric Burger
- Re: [rtcweb] Revealing IP addresses (Re: Review o… John Leslie
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Matthew Kaufman (SKYPE)
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Dan Wing
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Eric Rescorla
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Matthew Kaufman (SKYPE)
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Richard Barnes
- Re: [rtcweb] Revealing IP addresses (Re: Review o… Matthew Kaufman (SKYPE)
- Re: [rtcweb] WG Last Call: draft-ietf-rtcweb-use-… Magnus Westerlund