[webrtc-pc] Do not allow DNS candidates in "relay" mode (#2533)

alvestrand has just created a new issue for https://github.com/w3c/webrtc-pc:

== Do not allow DNS candidates in "relay" mode ==
This article:
https://www.digitaltrends.com/news/signal-vulnerability-hack-location/
described how to use DNS-valued candidates to get a rough geolocation capability.
This doesn't seem sensible to guard against when normal WebRTC procedures are in use, since the attacker can cause a call setup attempt to servers under his control too, but seems to be relevant when "relay" mode is in use, since that mode was explicitly introduced to avoid revealing the user's IP address-based location.

Suggested fix: Don't use this type of candidate when policy is "relay".

https://w3c.github.io/webrtc-pc/#dom-rtcicetransportpolicy-relay

Add:

"In this mode, remote candidates requiring resolution via some external mechanism, such as FQDN-valued candidates (require DNS lookup) and .local candidates (require MDN lookup), will be discarded."

Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2533 using your GitHub account

Received on Tuesday, 26 May 2020 11:03:03 UTC
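
One way an application could apply the suggested rule itself before calling `addIceCandidate()`, as an added example (it is not text from the issue and not code from any browser or from the webrtc-pc project). The function names and the sample candidate lines are assumptions constructed for illustration.

```javascript
// Added example: drop remote ICE candidates that need name resolution
// (FQDN or .local) when the local iceTransportPolicy is "relay".

const IPV4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;

// True if the connection-address is an IP literal, so no lookup is triggered.
function isIpLiteral(addr) {
  if (IPV4.test(addr)) return true;
  // IPv6 literals contain ':'; hostnames cannot.
  return addr.includes(':') && /^[0-9a-fA-F:.]+$/.test(addr);
}

// Extract <connection-address> from an SDP candidate attribute:
// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function candidateAddress(line) {
  const f = line.trim().replace(/^a=/, '').split(/\s+/);
  if (f.length < 8 || !f[0].startsWith('candidate:') || f[6] !== 'typ') return null;
  return f[4];
}

// Hypothetical helper: decide whether a remote candidate may be passed on.
function allowRemoteCandidate(line, iceTransportPolicy) {
  if (iceTransportPolicy !== 'relay') return true; // rule applies to relay mode only
  if (line === '') return true;                    // end-of-candidates indication
  const addr = candidateAddress(line);
  if (addr === null) return false;                 // malformed: fail closed in relay mode
  return isIpLiteral(addr);
}

function filterRemoteCandidates(lines, iceTransportPolicy) {
  return lines.filter((l) => allowRemoteCandidate(l, iceTransportPolicy));
}

// Constructed sample input (documentation addresses and example names).
const SAMPLE = [
  'candidate:1 1 udp 2122260223 203.0.113.7 54321 typ host',
  'candidate:2 1 udp 2122260223 tracker.example.com 54321 typ host',
  'candidate:3 1 udp 2122260223 1f2e3d4c-aaaa-bbbb-cccc-0123456789ab.local 54321 typ host',
  'candidate:4 1 udp 41885439 2001:db8::1 3478 typ relay raddr :: rport 0',
];
```

In a page this would wrap the signaling handler, for example calling `pc.addIceCandidate()` only when `allowRemoteCandidate(msg.candidate, config.iceTransportPolicy)` returns true.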