Re: [webrtc-pc] RTCIceTransport.getRemoteCandidates() does not return prflx candidates (#2124)

We need to be careful to not expose IP addresses that have been hidden via the use of mDNS. Otherwise, one could create two peer connections A and B:

1. Add all candidates from A to B.
2. Filter out all mDNS candidates from B when adding them to A.
3. B will resolve A's concealed IP addresses and start connectivity checks.
4. A will pick them up as prflx candidates, exposing the IP address again.

Unless I've missed a mechanism in the mDNS draft (such as an additional STUN attribute).

I guess we could just always anonymise/remove IP addresses from prflx candidates before handing them out in stats or any other API surface.

GitHub Notification of comment by lgrahl
Please view or discuss this issue at using your GitHub account

Received on Thursday, 21 March 2019 13:08:39 UTC