- From: Marcin Hanclik <Marcin.Hanclik@access-company.com>
- Date: Tue, 27 Oct 2009 15:24:28 +0100
- To: public-webapps <public-webapps@w3.org>
- Message-ID: <FAA1D89C5BAF1142A74AF116630A9F2C2890D48DEE@OBEEX01.obe.access-company.com>
Hi All, These are some comments about the requirements for WARP to handle the UPnP traffic. 1. UPnP uses multicast address 239.255.255.250. 2. UPnP uses UDP-based HTTP (GENA, SSDP). 3. The UPnP traffic takes place in local networks (LAN), therefore we shall assume that the host addresses will be from one of the private IP ranges [1]: 10.0.0.0 - 10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) a. We shall be able to assume that all private LANs are configured correctly with the above addresses and exclude other considerations/misconfigurations (alternatively we could mandate checking the DHCP configuration - masks etc. in the host to derive what the local network is, but it may lead us nowhere) 4. It is a security-related decision whether an application / widget may access both the Internet and the LAN network at the same time. a. Some interesting use cases may be realized. i. E.g. storage of the Internet-downloaded content (e.g. XHR's GET) onto UPnP device or e.g. SVN repository in LAN. b. Privacy is a concern. Thanks, Marcin [1] http://tools.ietf.org/html/rfc1918 Marcin Hanclik ACCESS Systems Germany GmbH Tel: +49-208-8290-6452 | Fax: +49-208-8290-6465 Mobile: +49-163-8290-646 E-Mail: marcin.hanclik@access-company.com ________________________________ ________________________________________ Access Systems Germany GmbH Essener Strasse 5 | D-46047 Oberhausen HRB 13548 Amtsgericht Duisburg Geschaeftsfuehrer: Michel Piquemal, Tomonori Watanabe, Yusuke Kanda www.access-company.com CONFIDENTIALITY NOTICE This e-mail and any attachments hereto may contain information that is privileged or confidential, and is intended for use only by the individual or entity to which it is addressed. Any disclosure, copying or distribution of the information by anyone else is strictly prohibited. If you have received this document in error, please notify us promptly by responding to this e-mail. Thank you.
Received on Tuesday, 27 October 2009 14:25:06 UTC