Re: [rtcweb] ICE exposes 'real' local IP to javascript

Den 06. feb. 2015 00:16, skrev Bjoern Hoehrmann:
> * Justin Uberti wrote:
>> I think the concern over private IP addresses is a side issue.
> So far my impression is that the Working Group has not duly considered
> the concern and we may have to ask the W3C Director to do so instead.

Bjørn, please don't use process threats; we've managed to do without
them so far.

I would see much more benefit in someone trying for a writeup that
describes precisely the threat they see, what mitigations they see
against the possible threat, and - importantly - what functionality we
would lose by implementing those mitigations.

So far, we've been tossing around the term "private IP address" without
a precise definition, stating that it is a privacy concern without
specifying what attacks are possible based on that information, tossing
around words about possible mitigations (user prompts, browser
configurations), and not tying those possible mitigations to possible
loss of functionality (user prompt blindness, lessened usability,
failures in setting up intra-LAN peer connections). This is not engineering.

It's possible to write code that simulates what would happen if you
didn't expose some IP addresses (strip them out of the SDP before
sending the createOffer result to the other entity, for SDP users);
running tests with that would give us some real data on whether those
addresses are useful, and in what situations.

More light, less heat, please.

Received on Friday, 6 February 2015 06:03:22 UTC