Re: [rtcweb] ICE exposes 'real' local IP to javascript

The thing I was wondering about was, should there be a confirmation dialog
when browser tries to setup any type of peer-to-peer connection? We get a
confirmation dialog when microphone or camera access is requested. I think
setting up a peer-to-peer connection is something that should be controlled
by the user on the per web site basis in the similar manner.

Roman Shpount

On Tue, Feb 3, 2015 at 11:42 AM, Harald Alvestrand <>

> Some thoughts....
> 1) Datachannel is a red herring. There are many ways to do a valid
> CreateOffer with m-lines, which is all that is required:
> - Datachannel
> - OfferToReceiveVideo  / Audio
> - Generate a MediaStreamTrack from WebAudio
> and so on.
> 2) Speaking with my WebRTC hat on: IP addresses have to be surfaced at the
> API as long as the other side needs to try to send packets to these
> interfaces. We can't obfuscate them or encrypt them because they have to be
> communicated to the other party, through channels that aren't in the WebRTC
> spec.
> 3) Speaking with my (imaginary) implementors hat: One can imagine a
> (browser-wide) configuration setting for which addresses to allow access
> to, possibly with a whitelist of apps / pages / sites allowed more access
> than others. Normal people will never configure this (and if they tried,
> they would get it wrong), so the defaults need to be "safe enough for
> most", but sysadmins and the people with special reasons to care about
> security might.
> 4) Again wearing my WebRTC spec shepherding hat: It seems that the spec
> should make it clear:
> a) that IP addresses will be exposed (in SDP and in oncandidate callbacks)
> b) why IP addresses are being exposed
> but not really anything more than that.
> 5) Wearing my forum-shuffling hat, it seems that the "why" part belongs
> more in the IETF than in the WebRTC side of things - so I'd favour
> continuing this thread on rtcweb@ietf only....
> Harald
> _______________________________________________
> rtcweb mailing list

Received on Tuesday, 3 February 2015 17:16:16 UTC