WebRTC IP Address Handling Extensions for Multicast DNS
Google
juberti@google.com
Google
jeroendb@google.com
Google
qingsi@google.com
Apple Inc.
youenn@apple.com
General
RTCWEB
Internet-Draft
This document extends the previous WebRTC IP Address Handling Requirements
with new modes that make use of Multicast DNS ICE candidates, and updates
the recommendations accordingly.
describes the privacy problems associated with exposing IP
addresses to web applications, but admits that there is no solution to the issue
of exposing private IP addresses that does not carry a corresponding
impact on connectivity.
introduces a new technique based on Multicast DNS (mDNS) that
obscures private IP addresses with mDNS names. This solves the privacy issues
associated with exposing local IP addresses, and mitigates most of the
aforementioned connectivity impact.
This document extends the set of modes defined in with new
options based on the mDNS technique. Different choices are provided, each
with their own benefits and drawbacks.
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”,
“SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this
document are to be interpreted as described in .
Using the mDNS technique, we define two new modes, namely Mode 2.1 and 2.2.
These modes are identical to Mode 2 from , but the technique from
is used to protect the selected private IP addresses.
Accordingly, the privacy guidelines outlined in , Section 5
MUST be followed in each new mode in order to prevent accidental disclosure
of a private IP address.
The local IPv4 address associated with the preferred interface MUST be
replaced with a mDNS name, as described in , Section 3.1.
Any local IPv6 addresses associated with the preferred interface MUST also
be replaced with mDNS names, unless they are privacy-preserving
addresses.
All local IPv4 and IPv6 addresses MUST be replaced with mDNS names, as described
in , Section 3.1.
The only difference between Mode 2.1 and Mode 2.2 is how addresses
are handled. In either case, a direct connection is possible if the mDNS
addresses created for the local IP addresses can be resolved. However, when
mDNS fails, either because it is disabled on the network, or the endpoints
are not on the same segment, Mode 2.1 may allow a direct connection where
Mode 2.2 does not.
The exact impact on applications needs to be determined experimentally. This
document will be updated with a specific recommendation once this information
is known.
The mDNS technique may also have value even when all network interfaces are
used by the ICE agent, i.e., in Mode 1 from , by
minimizing the amount of information regarding the local network that is
disclosed to the remote peer. Accordingly, a future update of this document
may define additional modes that apply the mDNS technique to Mode 1.
This is an area for further study.
The modes defined here, on their own, present no new security considerations.
Considerations for the mDNS technique are detailed in ,
Section 6.
This document requires no actions from IANA.
Key words for use in RFCs to Indicate Requirement Levels
In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
Privacy Extensions for Stateless Address Autoconfiguration in IPv6
Nodes use IPv6 stateless address autoconfiguration to generate addresses using a combination of locally available information and information advertised by routers. Addresses are formed by combining network prefixes with an interface identifier. On an interface that contains an embedded IEEE Identifier, the interface identifier is typically derived from it. On other interface types, the interface identifier is generated through other means, for example, via random number generation. This document describes an extension to IPv6 stateless address autoconfiguration for interfaces whose interface identifier is derived from an IEEE identifier. Use of the extension causes nodes to generate global scope addresses from interface identifiers that change over time, even in cases where the interface contains an embedded IEEE identifier. Changing the interface identifier (and the global scope addresses generated from it) over time makes it more difficult for eavesdroppers and other information collectors to identify when different addresses used in different transactions actually correspond to the same node. [STANDARDS-TRACK]
WebRTC IP Address Handling Requirements
Using Multicast DNS to protect privacy when exposing ICE candidates