Re: [webrtc-pc] Do not allow DNS candidates in "relay" mode (#2533)

An attacker that wishes to verify whether or not you are on the local network can use mDNS candidate resolution to discover this by sniffing mDNS resolution requests (using mDNS candidates that are otherwise completely legitimate); that's the reason for disallowing mDNS resolution in relay mode.

As for turning off DNS candidates entirely until someone writes up a good procedure for them - that makes sense to me. There was a draft for DNS-via-TURN once (https://tools.ietf.org/html/draft-schwartz-tram-turnbyname-00), but that failed to pick up traction. (thanks to @pthatcherg for the link).



-- 
GitHub Notification of comment by alvestrand
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2533#issuecomment-636042060 using your GitHub account

Received on Friday, 29 May 2020 15:40:42 UTC
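
Added example (not part of the original comment or of the webrtc-pc text): one way an application or ICE agent could apply the rule discussed above, by refusing any name resolution for remote candidates when `iceTransportPolicy` is `"relay"`. The function names and return labels are hypothetical, the sample candidate lines are constructed, and the example goes beyond mDNS to cover plain DNS names as well.

```javascript
// Added example: classify a remote ICE candidate before it reaches addIceCandidate().
// Hypothetical helper names; the policy values "relay"/"all" are the standard
// RTCIceTransportPolicy values.

const IPV4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;

function isIpLiteral(addr) {
  if (IPV4.test(addr)) return true;
  // IPv6 literal: contains ':' and only hex digits, ':' and '.' (embedded IPv4 tail).
  return addr.includes(':') && /^[0-9a-fA-F:.]+$/.test(addr);
}

// Extract the connection-address field from a candidate-attribute line:
// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function candidateAddress(line) {
  const fields = line.trim().replace(/^a=/, '').split(/\s+/);
  if (fields.length < 8 || !fields[0].startsWith('candidate:') || fields[6] !== 'typ') {
    return null;
  }
  return fields[4];
}

function classifyRemoteCandidate(line, iceTransportPolicy) {
  if (line.trim() === '') return 'end-of-candidates';
  const addr = candidateAddress(line);
  if (addr === null) return 'reject-malformed';
  // IP literals need no lookup, so nothing is emitted on the local network
  // or to a resolver; in relay mode the agent still only sends via the relay.
  if (isIpLiteral(addr)) return 'accept';
  // Anything else is a name. In relay mode, resolving it would generate the
  // mDNS/DNS traffic that reveals where the user is, so drop it unresolved.
  if (iceTransportPolicy === 'relay') return 'drop-no-resolution';
  return addr.toLowerCase().endsWith('.local') ? 'needs-mdns' : 'needs-dns';
}

// Constructed sample candidates (documentation addresses and example names).
const SAMPLES = {
  mdns: 'candidate:1 1 udp 2113937151 3f2a9c1e-5b7d-4e8a-9c10-2d6f7a8b9c0d.local 54321 typ host',
  ipv4: 'candidate:2 1 udp 1677729535 203.0.113.7 40000 typ srflx raddr 0.0.0.0 rport 0',
  fqdn: 'a=candidate:3 1 udp 41885439 turn.example.org 3478 typ relay raddr 0.0.0.0 rport 0',
  ipv6: 'candidate:4 1 udp 2113937151 2001:db8::1 5000 typ host',
};

function demo(policy) {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([k, line]) => [k, classifyRemoteCandidate(line, policy)])
  );
}
```

Only candidates classified `accept` would be passed on to `addIceCandidate()` in relay mode; the check runs on the candidate string alone, so no lookup happens before the decision is made.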