W3C home > Mailing lists > Public > public-webrtc@w3.org > February 2015

Re: [rtcweb] ICE exposes 'real' local IP to javascript

From: Peter Saint-Andre - &yet <peter@andyet.net>
Date: Thu, 05 Feb 2015 14:17:37 -0700
Message-ID: <54D3DDF1.607@andyet.net>
To: Justin Uberti <juberti@google.com>, Bjoern Hoehrmann <derhoermi@gmx.net>
CC: Harald Alvestrand <harald@alvestrand.no>, "public-webrtc@w3.org" <public-webrtc@w3.org>
On 2/5/15 2:03 PM, Justin Uberti wrote:
> I think the concern over private IP addresses is a side issue.
>
> The main issue, as Tim indicates, is the surfacing of interfaces other
> than the VPN or proxy when using such a configuration; right now the
> only workaround is to disable WebRTC.
>
> I would be in favor of a browser switch that could control whether other
> interfaces are enumerated and used when HTTP traffic is being sent
> through a VPN or proxy. This is similar to the 'leaky' vs 'sealed'
> policy described in RETURN
> <https://tools.ietf.org/html/draft-schwartz-rtcweb-return-04#section-5.2>,
> and this switch could be set to either value depending on whether the
> user/browser wants to optimize for maximizing QoS or minimizing
> information disclosure.

Yes, that seems like the right approach.

Peter

-- 
Peter Saint-Andre
https://andyet.com/
Received on Friday, 6 February 2015 08:45:18 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:43 UTC