draft-ietf-rtcweb-ip-handling-10.txt   draft-ietf-rtcweb-ip-handling-11.txt 
Network Working Group J. Uberti Network Working Group J. Uberti
Internet-Draft Google Internet-Draft Google
Intended status: Standards Track October 12, 2018 Intended status: Standards Track November 2, 2018
Expires: April 15, 2019 Expires: May 6, 2019
WebRTC IP Address Handling Requirements WebRTC IP Address Handling Requirements
draft-ietf-rtcweb-ip-handling-10 draft-ietf-rtcweb-ip-handling-11
Abstract Abstract
This document provides information and requirements for how IP This document provides information and requirements for how IP
addresses should be handled by WebRTC implementations. addresses should be handled by WebRTC implementations.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 31 skipping to change at page 1, line 31
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 15, 2019. This Internet-Draft will expire on May 6, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 12 skipping to change at page 2, line 12
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 2 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 2
4. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Detailed Design . . . . . . . . . . . . . . . . . . . . . . . 4 5. Detailed Design . . . . . . . . . . . . . . . . . . . . . . . 4
5.1. Principles . . . . . . . . . . . . . . . . . . . . . . . 4 5.1. Principles . . . . . . . . . . . . . . . . . . . . . . . 5
5.2. Modes and Recommendations . . . . . . . . . . . . . . . . 5 5.2. Modes and Recommendations . . . . . . . . . . . . . . . . 5
6. Implementation Guidance . . . . . . . . . . . . . . . . . . . 7 6. Implementation Guidance . . . . . . . . . . . . . . . . . . . 7
6.1. Ensuring Normal Routing . . . . . . . . . . . . . . . . . 7 6.1. Ensuring Normal Routing . . . . . . . . . . . . . . . . . 7
6.2. Determining Host Candidates . . . . . . . . . . . . . . . 7 6.2. Determining Host Candidates . . . . . . . . . . . . . . . 7
7. Application Guidance . . . . . . . . . . . . . . . . . . . . 8 7. Application Guidance . . . . . . . . . . . . . . . . . . . . 8
8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
11.1. Normative References . . . . . . . . . . . . . . . . . . 8 11.1. Normative References . . . . . . . . . . . . . . . . . . 8
11.2. Informative References . . . . . . . . . . . . . . . . . 8 11.2. Informative References . . . . . . . . . . . . . . . . . 9
Appendix A. Change log . . . . . . . . . . . . . . . . . . . . . 10 Appendix A. Change log . . . . . . . . . . . . . . . . . . . . . 10
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
One of WebRTC's key features is its support of peer-to-peer One of WebRTC's key features is its support of peer-to-peer
connections. However, when establishing such a connection, which connections. However, when establishing such a connection, which
involves connection attempts from various IP addresses, WebRTC may involves connection attempts from various IP addresses, WebRTC may
allow a web application to learn additional information about the allow a web application to learn additional information about the
user compared to an application that only uses the Hypertext Transfer user compared to an application that only uses the Hypertext Transfer
Protocol (HTTP) [RFC7230]. This may be problematic in certain cases. Protocol (HTTP) [RFC7230]. This may be problematic in certain cases.
This document summarizes the concerns, and makes recommendations on This document summarizes the concerns, and makes recommendations on
how WebRTC implementations should best handle the tradeoff between how WebRTC implementations should best handle the tradeoff between
privacy and media performance. privacy and media performance.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in [RFC2119]. "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Problem Statement 3. Problem Statement
In order to establish a peer-to-peer connection, WebRTC In order to establish a peer-to-peer connection, WebRTC
implementations use Interactive Connectivity Establishment (ICE) implementations use Interactive Connectivity Establishment (ICE)
[RFC5245], which attempts to discover multiple IP addresses using [RFC8445], which attempts to discover multiple IP addresses using
techniques such as Session Traversal Utilities for NAT (STUN) techniques such as Session Traversal Utilities for NAT (STUN)
[RFC5389] and Traversal Using Relays around NAT (TURN) [RFC5766], and [RFC5389] and Traversal Using Relays around NAT (TURN) [RFC5766], and
then checks the connectivity of each local-address-remote-address then checks the connectivity of each local-address-remote-address
pair in order to select the best one. The addresses that are pair in order to select the best one. The addresses that are
collected usually consist of an endpoint's private physical/virtual collected usually consist of an endpoint's private physical/virtual
addresses and its public Internet addresses. addresses and its public Internet addresses.
These addresses are exposed upwards to the web application, so that These addresses are exposed upwards to the web application, so that
they can be communicated to the remote endpoint for its checks. This they can be communicated to the remote endpoint for its checks. This
allows the application to learn more about the local network allows the application to learn more about the local network
configuration than it would from a typical HTTP scenario, in which configuration than it would from a typical HTTP scenario, in which
skipping to change at page 6, line 43 skipping to change at page 6, line 48
used. used.
These defaults provide a reasonable tradeoff that permits trusted These defaults provide a reasonable tradeoff that permits trusted
WebRTC applications to achieve optimal network performance, but gives WebRTC applications to achieve optimal network performance, but gives
applications without consent (e.g., 1-way streaming or data channel applications without consent (e.g., 1-way streaming or data channel
applications) only the minimum information needed to achieve direct applications) only the minimum information needed to achieve direct
connections, as defined in Mode 2. However, implementations MAY connections, as defined in Mode 2. However, implementations MAY
choose stricter modes if desired, e.g., if a user indicates they want choose stricter modes if desired, e.g., if a user indicates they want
all WebRTC traffic to follow the default route. all WebRTC traffic to follow the default route.
Future versions of this document may define additional modes and/or Future documents may define additional modes and/or update the
update the recommended default modes. recommended default modes.
Note that the suggested defaults can still be used even for Note that the suggested defaults can still be used even for
organizations that want all external WebRTC traffic to traverse a organizations that want all external WebRTC traffic to traverse a
proxy or enterprise TURN server, simply by setting an organizational proxy or enterprise TURN server, simply by setting an organizational
firewall policy that allows WebRTC traffic to only leave through the firewall policy that allows WebRTC traffic to only leave through the
proxy or TURN server. This provides a way to ensure the proxy or proxy or TURN server. This provides a way to ensure the proxy or
TURN server is used for any external traffic, but still allows direct TURN server is used for any external traffic, but still allows direct
connections (and, in the proxy case, avoids the performance issues connections (and, in the proxy case, avoids the performance issues
associated with forcing media through said proxy) for intra- associated with forcing media through said proxy) for intra-
organization traffic. organization traffic.
skipping to change at page 8, line 44 skipping to change at page 8, line 47
11. References 11. References
11.1. Normative References 11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>.
[RFC8089] Kerwin, M., "The "file" URI Scheme", RFC 8089,
DOI 10.17487/RFC8089, February 2017,
<https://www.rfc-editor.org/info/rfc8089>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8445] Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive
Connectivity Establishment (ICE): A Protocol for Network
Address Translator (NAT) Traversal", RFC 8445,
DOI 10.17487/RFC8445, July 2018,
<https://www.rfc-editor.org/info/rfc8445>.
11.2. Informative References 11.2. Informative References
[I-D.ietf-rtcweb-transports] [I-D.ietf-rtcweb-transports]
Alvestrand, H., "Transports for WebRTC", draft-ietf- Alvestrand, H., "Transports for WebRTC", draft-ietf-
rtcweb-transports-17 (work in progress), October 2016. rtcweb-transports-17 (work in progress), October 2016.
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
and E. Lear, "Address Allocation for Private Internets", and E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996, BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996,
<https://www.rfc-editor.org/info/rfc1918>. <https://www.rfc-editor.org/info/rfc1918>.
[RFC1919] Chatel, M., "Classical versus Transparent IP Proxies", [RFC1919] Chatel, M., "Classical versus Transparent IP Proxies",
RFC 1919, DOI 10.17487/RFC1919, March 1996, RFC 1919, DOI 10.17487/RFC1919, March 1996,
<https://www.rfc-editor.org/info/rfc1919>. <https://www.rfc-editor.org/info/rfc1919>.
[RFC1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and [RFC1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and
L. Jones, "SOCKS Protocol Version 5", RFC 1928, L. Jones, "SOCKS Protocol Version 5", RFC 1928,
DOI 10.17487/RFC1928, March 1996, DOI 10.17487/RFC1928, March 1996,
<https://www.rfc-editor.org/info/rfc1928>. <https://www.rfc-editor.org/info/rfc1928>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007,
<https://www.rfc-editor.org/info/rfc4941>. <https://www.rfc-editor.org/info/rfc4941>.
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245,
DOI 10.17487/RFC5245, April 2010,
<https://www.rfc-editor.org/info/rfc5245>.
[RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
"Session Traversal Utilities for NAT (STUN)", RFC 5389, "Session Traversal Utilities for NAT (STUN)", RFC 5389,
DOI 10.17487/RFC5389, October 2008, DOI 10.17487/RFC5389, October 2008,
<https://www.rfc-editor.org/info/rfc5389>. <https://www.rfc-editor.org/info/rfc5389>.
[RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using
Relays around NAT (TURN): Relay Extensions to Session Relays around NAT (TURN): Relay Extensions to Session
Traversal Utilities for NAT (STUN)", RFC 5766, Traversal Utilities for NAT (STUN)", RFC 5766,
DOI 10.17487/RFC5766, April 2010, DOI 10.17487/RFC5766, April 2010,
<https://www.rfc-editor.org/info/rfc5766>. <https://www.rfc-editor.org/info/rfc5766>.
skipping to change at page 10, line 15 skipping to change at page 10, line 25
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing", Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, DOI 10.17487/RFC7230, June 2014, RFC 7230, DOI 10.17487/RFC7230, June 2014,
<https://www.rfc-editor.org/info/rfc7230>. <https://www.rfc-editor.org/info/rfc7230>.
[RFC7478] Holmberg, C., Hakansson, S., and G. Eriksson, "Web Real- [RFC7478] Holmberg, C., Hakansson, S., and G. Eriksson, "Web Real-
Time Communication Use Cases and Requirements", RFC 7478, Time Communication Use Cases and Requirements", RFC 7478,
DOI 10.17487/RFC7478, March 2015, DOI 10.17487/RFC7478, March 2015,
<https://www.rfc-editor.org/info/rfc7478>. <https://www.rfc-editor.org/info/rfc7478>.
[RFC8089] Kerwin, M., "The "file" URI Scheme", RFC 8089,
DOI 10.17487/RFC8089, February 2017,
<https://www.rfc-editor.org/info/rfc8089>.
Appendix A. Change log Appendix A. Change log
Changes in draft -11:
o Editorial updates from AD review.
Changes in draft -10: Changes in draft -10:
o Incorporate feedback from IETF 102 on the problem space. o Incorporate feedback from IETF 102 on the problem space.
o Note that future versions of the document may define new modes. o Note that future versions of the document may define new modes.
Changes in draft -09: Changes in draft -09:
o Fixed confusing text regarding enterprise TURN servers. o Fixed confusing text regarding enterprise TURN servers.
 End of changes. 15 change blocks. 
27 lines changed or deleted 38 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/