We need to be careful to not expose IP addresses that have been hidden via the use of mDNS. Otherwise, one could create two peer connections A and B: 1. Add all candidates from A to B. 2. Filter out all mDNS candidates from B when adding them to A. 3. B will resolve A's concealed IP addresses and start connectivity checks. 4. A will pick them up as prflx candidates, exposing the IP address again. Unless I've missed a mechanism in the mDNS draft (such as an additional STUN attribute). I guess we could just always anonymise/remove IP addresses from prflx candidates before handing them out in stats or any other API surface. -- GitHub Notification of comment by lgrahl Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2124#issuecomment-475221513 using your GitHub accountReceived on Thursday, 21 March 2019 13:08:39 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:46 UTC