Issue 213: Privacy issues from Bernard Aboba on 2015-06-12 (public-ortc@w3.org from June 2015)

From: Bernard Aboba <Bernard.Aboba@microsoft.com>
Date: Fri, 12 Jun 2015 21:59:44 +0000
To: "public-ortc@w3.org" <public-ortc@w3.org>
Message-ID: <BLUPR03MB149F073B4BABD4998F2C75DECBB0@BLUPR03MB149.namprd03.prod.outlook.com>

>From Philipp Hancke's review comments:

18) page 12, section 3.11

DOMString relatedAddress = "";
unsigned short relatedPort;
I don't think those attributes are useful,
just a potential leak of ip addresses when forcing turn-only relays. So I would not expose them.

32) page 20, section 5.8

can be used to reduce leakage of IP addresses in certain use cases.
add a note about setting rel-addr to 0.0.0.0 then
Comment by Martin Thomson:

Yes, this is a privacy issue, but those values are used to handle some corner cases in the deduplication algorithm. I'd be OK with them being replaced with (salted) hashes or something like that, but then you wouldn't be able to use SDP.

Received on Friday, 12 June 2015 22:00:16 UTC