W3C home > Mailing lists > Public > public-webrtc@w3.org > August 2015

Re: Sandboxing usage of RTCPeerConnection?

From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 17 Aug 2015 05:54:16 -0700
Message-ID: <CABcZeBPXfBuenJZqscx_ee5ef-b51TgLFDEnLrNhc0S3AxpX2A@mail.gmail.com>
To: Dominique Hazael-Massieux <dom@w3.org>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
This seems like it's going to cause a lot of ossification, since it will
mean that if
you want to load an iframe that *can* use PC, then you will have to use
iframe-sandbox and then you will be restricted to just the APIs that are
presently
whitelistable.

It would be fine to have PC disabled when IFRAME sandbox was used unless
allow-rtcpeerconnection was set.

-Ekr


On Mon, Aug 17, 2015 at 5:26 AM, Dominique Hazael-Massieux <dom@w3.org>
wrote:

> Hi,
>
> Back in April, I had tried to list the various mitigation strategies that
> are available to reduce some of the mis-usage of RTCPeerConnection to
> obtain information on the local network topology:
> https://lists.w3.org/Archives/Public/public-webrtc/2015Apr/0131.html
>
> While there is still more work needed on the "VPN use case" (where leaking
> some of the IP addresses of VPN users potentially reveal their true
> location), I wonder if there is any interest in making it also much less
> trivial for any random third-party (e.g. ads network) to obtain users local
> IP addresses which provide increased fingerprinting surface for little
> benefit.
>
> The specific idea I would like to suggest is that content embedded via
> <iframe> don't get access to the RTCPeerConnection interface unless they
> are embedded with an "allow-rtcpeerconnection" token in the sandbox
> attribute.
> http://www.w3.org/TR/html5/embedded-content-0.html#attr-iframe-sandbox
>
> Would there be support for such a proposal?
>
> Dom
>
>
Received on Monday, 17 August 2015 12:55:24 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:45 UTC