< draft-ietf-mmusic-mdns-ice-candidates-01.txt   draft-ietf-mmusic-mdns-ice-candidates-02.txt >
MMUSIC                                                         Y. Fablet
Internet-Draft                                                Apple Inc.
Updates: 8839 (if approved)                                  J. de Borst
Intended status: Informational                                    Google
Expires: 28 April 2022                                         J. Uberti
                                                               Clubhouse
                                                                 Q. Wang
                                                                  Google
                                                         25 October 2021

  Using Multicast DNS to protect privacy when exposing ICE candidates
                draft-ietf-mmusic-mdns-ice-candidates-02
Abstract

   WebRTC applications collect ICE candidates as part of the process of
   creating peer-to-peer connections.  To maximize the probability of a
   direct peer-to-peer connection, client private IP addresses are
   included in this candidate collection.  However, disclosure of these
   addresses has privacy implications.  This document describes a way to
   share local IP addresses with other clients while preserving client
   privacy.  This is achieved by concealing IP addresses with

skipping to change at page 1, line 42
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 28 April 2022.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.
Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Description . . . . . . . . . . . . . . . . . . . . . . . . .   3
     3.1.  ICE Candidate Gathering . . . . . . . . . . . . . . . . .   3
       3.1.1.  Procedure . . . . . . . . . . . . . . . . . . . . . .   4
       3.1.2.  Implementation Guidance . . . . . . . . . . . . . . .   4
     3.2.  ICE Candidate Processing  . . . . . . . . . . . . . . . .   6
       3.2.1.  Procedure . . . . . . . . . . . . . . . . . . . . . .   6
       3.2.2.  Implementation Guidance . . . . . . . . . . . . . . .   7
     3.3.  Additional Privacy Considerations . . . . . . . . . . . .   7
       3.3.1.  Statistics  . . . . . . . . . . . . . . . . . . . . .   7
       3.3.2.  Interactions With TURN Servers  . . . . . . . . . . .   8
       3.3.3.  Generated Name Reuse  . . . . . . . . . . . . . . . .   8
       3.3.4.  Specific Browsing Contexts  . . . . . . . . . . . . .   9
       3.3.5.  Network Interface Enumeration . . . . . . . . . . . .   9
       3.3.6.  Monitoring of Sessions  . . . . . . . . . . . . . . .   9
   4.  Update to RFC 8839  . . . . . . . . . . . . . . . . . . . . .   9
   5.  Potential Limitations . . . . . . . . . . . . . . . . . . . .  10
     5.1.  Reduced Connectivity  . . . . . . . . . . . . . . . . . .  10
     5.2.  Connection Setup Latency  . . . . . . . . . . . . . . . .  10
     5.3.  Backward Compatibility  . . . . . . . . . . . . . . . . .  11
   6.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .  11
     6.1.  Normal Handling . . . . . . . . . . . . . . . . . . . . .  11
     6.2.  Peer-reflexive Candidate From Slow Signaling  . . . . . .  12
     6.3.  Peer-reflexive Candidate From Slow Resolution . . . . . .  13
     6.4.  IPv4, IPv6, and STUN handling . . . . . . . . . . . . . .  13
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  15
     7.1.  mDNS Message Flooding . . . . . . . . . . . . . . . . . .  16
     7.2.  Malicious Responses to Deny Name Registration . . . . . .  17
     7.3.  Unsolicited ICE Communications  . . . . . . . . . . . . .  17
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  17
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  17
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .  17
     9.2.  Informative References  . . . . . . . . . . . . . . . . .  18
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  19
1.  Introduction

   As detailed in [IPHandling], exposing client private IP addresses by

skipping to change at page 16, line 4
   C2.1: candidate:1 1 udp 2122262783 b977f597-260c-4f70-9ac4-
         26e69b55f966.local 20004 typ host
   C2.2: candidate:2 1 udp 2122262527 ac4595a7-7e42-4e85-85e6-
         c292abe0e681.local 20006 typ host
   C2.3: candidate:1 1 udp 1686055167 192.0.2.2
         40004 typ srflx raddr 0.0.0.0 rport 0
   C2.4: candidate:2 1 udp 1686054911 2001:db8::2
         20006 typ srflx raddr 0.0.0.0 rport 0
7.  Security Considerations

7.1.  mDNS Message Flooding

   The implementation of this proposal requires the mDNS querying
   capability of the browser for registering mDNS names or adding remote
   ICE host candidates with such names.  It also requires the mDNS
   responding capability of either the browser or the operating platform
   of the browser for registering, removing or resolving mDNS names.  In
   particular,

   *  the registration of a name requires optional probing queries and
      mandatory announcing responses ([RFC6762], Section 8), and this is
      performed at the beginning of ICE gathering;

   *  the addition of remote ICE host candidates with mDNS names
      generates mDNS queries for the name of each candidate;

   *  the removal of names could happen when the browsing context of the
      ICE agent is destroyed in an implementation, and goodbye responses
      should be sent to invalidate records generated by the ICE agent in
      the local network ([RFC6762], Section 10.1).

   A malicious Web application could flood the local network with mDNS
   messages by:

   *  creating browsing contexts that create ICE agents and start
      gathering of local ICE host candidates;

   *  destroying these local candidates soon after the name registration
      is done;

   *  adding fictitious remote ICE host candidates with mDNS names.

   [RFC6762] defines a general per-question and per-record multicast
   rate limiting rule, in which a given question or record on a given
   interface cannot be sent again less than one second after its last
   transmission.  This rate limiting rule however does not mitigate the
   above attacks, in which new names, hence new questions or records,
   are constantly created and sent.  Therefore, a browser-wide mDNS
   message rate limit MUST be provided for all mDNS queries and
   responses that are dispatched during the ICE candidate gathering and
   processing described in Section 3.  A browser MAY implement more
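As an added illustration that is not part of the draft, the simulation below applies the RFC 6762 one-second-per-record rule first and a browser-wide sliding-window budget on top of it, then counts how many messages of two constructed streams reach the network: a stream of freshly generated names passes the per-record rule untouched and is only capped by the shared budget. The interface name, the budget of 50 messages per 10 seconds and the generated names are assumptions; the fixed name is the one from candidate C2.1 above.

```python
from collections import deque

class PerRecordLimiter:
    """RFC 6762 rule: a given question or record on a given interface is
    not sent again less than one second after its last transmission."""
    def __init__(self, min_interval_ms=1000):
        self.min_interval_ms = min_interval_ms
        self.last_sent = {}  # (interface, name) -> last transmission time

    def allow(self, interface, name, now_ms):
        last = self.last_sent.get((interface, name))
        if last is not None and now_ms - last < self.min_interval_ms:
            return False  # a repeat of the same name, suppressed
        self.last_sent[(interface, name)] = now_ms
        return True

class BrowserWideLimiter:
    """Sliding-window budget shared by every ICE agent in the browser
    (assumed parameters; the draft only requires that such a limit exist)."""
    def __init__(self, max_messages, window_ms):
        self.max_messages, self.window_ms = max_messages, window_ms
        self.sent = deque()  # timestamps of messages still inside the window

    def allow(self, now_ms):
        while self.sent and now_ms - self.sent[0] >= self.window_ms:
            self.sent.popleft()
        if len(self.sent) >= self.max_messages:
            return False  # browser-wide budget exhausted
        self.sent.append(now_ms)
        return True

def dispatch(messages, max_messages=None, window_ms=10_000):
    """Count the (time_ms, interface, name) messages reaching the network;
    max_messages=None applies the per-record rule alone."""
    per_record = PerRecordLimiter()
    shared = BrowserWideLimiter(max_messages, window_ms) if max_messages else None
    sent = 0
    for now_ms, interface, name in messages:
        if not per_record.allow(interface, name, now_ms):
            continue
        if shared is not None and not shared.allow(now_ms):
            continue
        sent += 1
    return sent

def make_stream(count, interval_ms, fresh_names):
    """Constructed stream: fresh_names=True mimics a malicious page that
    generates a new .local name for every message; False re-announces the
    single name taken from candidate C2.1 at the same cadence."""
    fixed = "b977f597-260c-4f70-9ac4-26e69b55f966.local"
    return [(i * interval_ms, "en0",
             f"{i:08x}-0000-4000-8000-000000000000.local" if fresh_names else fixed)
            for i in range(count)]
```

With 1000 messages 10 ms apart, the fresh-name stream is sent in full under the per-record rule alone and cut to 50 by the shared budget, while the repeated name is held to 10 messages either way.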
skipping to change at page 18, line 43

              <https://www.rfc-editor.org/info/rfc6762>.

   [RFC8445]  Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive
              Connectivity Establishment (ICE): A Protocol for Network
              Address Translator (NAT) Traversal", RFC 8445,
              DOI 10.17487/RFC8445, July 2018,
              <https://www.rfc-editor.org/info/rfc8445>.
9.2.  Informative References

   [HTMLSpec] "HTML Living Standard", n.d.,
              <https://html.spec.whatwg.org>.

   [ICESDP]   Keranen, A., "Session Description Protocol (SDP) Offer/
              Answer procedures for Interactive Connectivity
              Establishment (ICE)", 1 April 2018,
              <https://tools.ietf.org/html/draft-ietf-mmusic-ice-sip-
              sdp>.

   [IPHandling]
              Shieh, G., "WebRTC IP Address Handling Requirements", 18
              April 2018, <https://tools.ietf.org/html/draft-ietf-
              rtcweb-ip-handling>.

   [JSEP]     Rescorla, E., Ed., "JavaScript Session Establishment
              Protocol", 27 February 2019,
              <https://tools.ietf.org/html/draft-ietf-rtcweb-jsep>.

   [Overview] Alvestrand, H., "Overview: Real Time Protocols for
              Browser-based Applications", 12 November 2017,
              <https://tools.ietf.org/html/draft-ietf-rtcweb-overview>.

   [RFC1918]  Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.
              J., and E. Lear, "Address Allocation for Private
              Internets", BCP 5, RFC 1918, DOI 10.17487/RFC1918,
              February 1996, <https://www.rfc-editor.org/info/rfc1918>.

   [RFC6146]  Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
              NAT64: Network Address and Protocol Translation from IPv6
              Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146,
              April 2011, <https://www.rfc-editor.org/info/rfc6146>.

   [RTCWebSecurity]
              Rescorla, E., "Security Considerations for WebRTC", 22
              January 2018,
              <https://tools.ietf.org/html/draft-ietf-rtcweb-security>.

   [WebRTCSpec]
              Bruaroey, J.I., "The WebRTC specification", n.d.,
              <https://w3c.github.io/webrtc-pc/>.

   [WebRTCStats]
              Boström, H., "Identifiers for WebRTC's Statistics API",
              n.d., <https://w3c.github.io/webrtc-stats/>.
Authors' Addresses

   Youenn Fablet
   Apple Inc.

   Email: youenn@apple.com


   Jeroen de Borst
   Google

   Email: jeroendb@google.com


   Justin Uberti
   Clubhouse

   Email: justin@uberti.name


   Qingsi Wang
   Google

   Email: qingsi@google.com
 End of changes. 27 change blocks. 
42 lines changed or deleted 40 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/