| draft-ietf-rtcweb-ip-handling-10.txt | draft-ietf-rtcweb-ip-handling-11.txt | |||
|---|---|---|---|---|
| Network Working Group J. Uberti | Network Working Group J. Uberti | |||
| Internet-Draft Google | Internet-Draft Google | |||
| Intended status: Standards Track October 12, 2018 | Intended status: Standards Track November 2, 2018 | |||
| Expires: April 15, 2019 | Expires: May 6, 2019 | |||
| WebRTC IP Address Handling Requirements | WebRTC IP Address Handling Requirements | |||
| draft-ietf-rtcweb-ip-handling-10 | draft-ietf-rtcweb-ip-handling-11 | |||
| Abstract | Abstract | |||
| This document provides information and requirements for how IP | This document provides information and requirements for how IP | |||
| addresses should be handled by WebRTC implementations. | addresses should be handled by WebRTC implementations. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 31 ¶ | skipping to change at page 1, line 31 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 15, 2019. | This Internet-Draft will expire on May 6, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 12 ¶ | skipping to change at page 2, line 12 ¶ | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 2 | 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 4. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 4. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 5. Detailed Design . . . . . . . . . . . . . . . . . . . . . . . 4 | 5. Detailed Design . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 5.1. Principles . . . . . . . . . . . . . . . . . . . . . . . 4 | 5.1. Principles . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5.2. Modes and Recommendations . . . . . . . . . . . . . . . . 5 | 5.2. Modes and Recommendations . . . . . . . . . . . . . . . . 5 | |||
| 6. Implementation Guidance . . . . . . . . . . . . . . . . . . . 7 | 6. Implementation Guidance . . . . . . . . . . . . . . . . . . . 7 | |||
| 6.1. Ensuring Normal Routing . . . . . . . . . . . . . . . . . 7 | 6.1. Ensuring Normal Routing . . . . . . . . . . . . . . . . . 7 | |||
| 6.2. Determining Host Candidates . . . . . . . . . . . . . . . 7 | 6.2. Determining Host Candidates . . . . . . . . . . . . . . . 7 | |||
| 7. Application Guidance . . . . . . . . . . . . . . . . . . . . 8 | 7. Application Guidance . . . . . . . . . . . . . . . . . . . . 8 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . 8 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 8 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . 8 | 11.2. Informative References . . . . . . . . . . . . . . . . . 9 | |||
| Appendix A. Change log . . . . . . . . . . . . . . . . . . . . . 10 | Appendix A. Change log . . . . . . . . . . . . . . . . . . . . . 10 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 1. Introduction | 1. Introduction | |||
| One of WebRTC's key features is its support of peer-to-peer | One of WebRTC's key features is its support of peer-to-peer | |||
| connections. However, when establishing such a connection, which | connections. However, when establishing such a connection, which | |||
| involves connection attempts from various IP addresses, WebRTC may | involves connection attempts from various IP addresses, WebRTC may | |||
| allow a web application to learn additional information about the | allow a web application to learn additional information about the | |||
| user compared to an application that only uses the Hypertext Transfer | user compared to an application that only uses the Hypertext Transfer | |||
| Protocol (HTTP) [RFC7230]. This may be problematic in certain cases. | Protocol (HTTP) [RFC7230]. This may be problematic in certain cases. | |||
| This document summarizes the concerns, and makes recommendations on | This document summarizes the concerns, and makes recommendations on | |||
| how WebRTC implementations should best handle the tradeoff between | how WebRTC implementations should best handle the tradeoff between | |||
| privacy and media performance. | privacy and media performance. | |||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| document are to be interpreted as described in [RFC2119]. | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | ||||
| capitals, as shown here. | ||||
| 3. Problem Statement | 3. Problem Statement | |||
| In order to establish a peer-to-peer connection, WebRTC | In order to establish a peer-to-peer connection, WebRTC | |||
| implementations use Interactive Connectivity Establishment (ICE) | implementations use Interactive Connectivity Establishment (ICE) | |||
| [RFC5245], which attempts to discover multiple IP addresses using | [RFC8445], which attempts to discover multiple IP addresses using | |||
| techniques such as Session Traversal Utilities for NAT (STUN) | techniques such as Session Traversal Utilities for NAT (STUN) | |||
| [RFC5389] and Traversal Using Relays around NAT (TURN) [RFC5766], and | [RFC5389] and Traversal Using Relays around NAT (TURN) [RFC5766], and | |||
| then checks the connectivity of each local-address-remote-address | then checks the connectivity of each local-address-remote-address | |||
| pair in order to select the best one. The addresses that are | pair in order to select the best one. The addresses that are | |||
| collected usually consist of an endpoint's private physical/virtual | collected usually consist of an endpoint's private physical/virtual | |||
| addresses and its public Internet addresses. | addresses and its public Internet addresses. | |||
| These addresses are exposed upwards to the web application, so that | These addresses are exposed upwards to the web application, so that | |||
| they can be communicated to the remote endpoint for its checks. This | they can be communicated to the remote endpoint for its checks. This | |||
| allows the application to learn more about the local network | allows the application to learn more about the local network | |||
| configuration than it would from a typical HTTP scenario, in which | configuration than it would from a typical HTTP scenario, in which | |||
| skipping to change at page 6, line 43 ¶ | skipping to change at page 6, line 48 ¶ | |||
| used. | used. | |||
| These defaults provide a reasonable tradeoff that permits trusted | These defaults provide a reasonable tradeoff that permits trusted | |||
| WebRTC applications to achieve optimal network performance, but gives | WebRTC applications to achieve optimal network performance, but gives | |||
| applications without consent (e.g., 1-way streaming or data channel | applications without consent (e.g., 1-way streaming or data channel | |||
| applications) only the minimum information needed to achieve direct | applications) only the minimum information needed to achieve direct | |||
| connections, as defined in Mode 2. However, implementations MAY | connections, as defined in Mode 2. However, implementations MAY | |||
| choose stricter modes if desired, e.g., if a user indicates they want | choose stricter modes if desired, e.g., if a user indicates they want | |||
| all WebRTC traffic to follow the default route. | all WebRTC traffic to follow the default route. | |||
| Future versions of this document may define additional modes and/or | Future documents may define additional modes and/or update the | |||
| update the recommended default modes. | recommended default modes. | |||
| Note that the suggested defaults can still be used even for | Note that the suggested defaults can still be used even for | |||
| organizations that want all external WebRTC traffic to traverse a | organizations that want all external WebRTC traffic to traverse a | |||
| proxy or enterprise TURN server, simply by setting an organizational | proxy or enterprise TURN server, simply by setting an organizational | |||
| firewall policy that allows WebRTC traffic to only leave through the | firewall policy that allows WebRTC traffic to only leave through the | |||
| proxy or TURN server. This provides a way to ensure the proxy or | proxy or TURN server. This provides a way to ensure the proxy or | |||
| TURN server is used for any external traffic, but still allows direct | TURN server is used for any external traffic, but still allows direct | |||
| connections (and, in the proxy case, avoids the performance issues | connections (and, in the proxy case, avoids the performance issues | |||
| associated with forcing media through said proxy) for intra- | associated with forcing media through said proxy) for intra- | |||
| organization traffic. | organization traffic. | |||
| skipping to change at page 8, line 44 ¶ | skipping to change at page 8, line 47 ¶ | |||
| 11. References | 11. References | |||
| 11.1. Normative References | 11.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | ||||
| Resource Identifier (URI): Generic Syntax", STD 66, | ||||
| RFC 3986, DOI 10.17487/RFC3986, January 2005, | ||||
| <https://www.rfc-editor.org/info/rfc3986>. | ||||
| [RFC8089] Kerwin, M., "The "file" URI Scheme", RFC 8089, | ||||
| DOI 10.17487/RFC8089, February 2017, | ||||
| <https://www.rfc-editor.org/info/rfc8089>. | ||||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | ||||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | ||||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | ||||
| [RFC8445] Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive | ||||
| Connectivity Establishment (ICE): A Protocol for Network | ||||
| Address Translator (NAT) Traversal", RFC 8445, | ||||
| DOI 10.17487/RFC8445, July 2018, | ||||
| <https://www.rfc-editor.org/info/rfc8445>. | ||||
| 11.2. Informative References | 11.2. Informative References | |||
| [I-D.ietf-rtcweb-transports] | [I-D.ietf-rtcweb-transports] | |||
| Alvestrand, H., "Transports for WebRTC", draft-ietf- | Alvestrand, H., "Transports for WebRTC", draft-ietf- | |||
| rtcweb-transports-17 (work in progress), October 2016. | rtcweb-transports-17 (work in progress), October 2016. | |||
| [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., | [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., | |||
| and E. Lear, "Address Allocation for Private Internets", | and E. Lear, "Address Allocation for Private Internets", | |||
| BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996, | BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996, | |||
| <https://www.rfc-editor.org/info/rfc1918>. | <https://www.rfc-editor.org/info/rfc1918>. | |||
| [RFC1919] Chatel, M., "Classical versus Transparent IP Proxies", | [RFC1919] Chatel, M., "Classical versus Transparent IP Proxies", | |||
| RFC 1919, DOI 10.17487/RFC1919, March 1996, | RFC 1919, DOI 10.17487/RFC1919, March 1996, | |||
| <https://www.rfc-editor.org/info/rfc1919>. | <https://www.rfc-editor.org/info/rfc1919>. | |||
| [RFC1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and | [RFC1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and | |||
| L. Jones, "SOCKS Protocol Version 5", RFC 1928, | L. Jones, "SOCKS Protocol Version 5", RFC 1928, | |||
| DOI 10.17487/RFC1928, March 1996, | DOI 10.17487/RFC1928, March 1996, | |||
| <https://www.rfc-editor.org/info/rfc1928>. | <https://www.rfc-editor.org/info/rfc1928>. | |||
| [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | ||||
| Resource Identifier (URI): Generic Syntax", STD 66, | ||||
| RFC 3986, DOI 10.17487/RFC3986, January 2005, | ||||
| <https://www.rfc-editor.org/info/rfc3986>. | ||||
| [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy | [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy | |||
| Extensions for Stateless Address Autoconfiguration in | Extensions for Stateless Address Autoconfiguration in | |||
| IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, | IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, | |||
| <https://www.rfc-editor.org/info/rfc4941>. | <https://www.rfc-editor.org/info/rfc4941>. | |||
| [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment | ||||
| (ICE): A Protocol for Network Address Translator (NAT) | ||||
| Traversal for Offer/Answer Protocols", RFC 5245, | ||||
| DOI 10.17487/RFC5245, April 2010, | ||||
| <https://www.rfc-editor.org/info/rfc5245>. | ||||
| [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, | [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, | |||
| "Session Traversal Utilities for NAT (STUN)", RFC 5389, | "Session Traversal Utilities for NAT (STUN)", RFC 5389, | |||
| DOI 10.17487/RFC5389, October 2008, | DOI 10.17487/RFC5389, October 2008, | |||
| <https://www.rfc-editor.org/info/rfc5389>. | <https://www.rfc-editor.org/info/rfc5389>. | |||
| [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using | [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using | |||
| Relays around NAT (TURN): Relay Extensions to Session | Relays around NAT (TURN): Relay Extensions to Session | |||
| Traversal Utilities for NAT (STUN)", RFC 5766, | Traversal Utilities for NAT (STUN)", RFC 5766, | |||
| DOI 10.17487/RFC5766, April 2010, | DOI 10.17487/RFC5766, April 2010, | |||
| <https://www.rfc-editor.org/info/rfc5766>. | <https://www.rfc-editor.org/info/rfc5766>. | |||
| skipping to change at page 10, line 15 ¶ | skipping to change at page 10, line 25 ¶ | |||
| [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | |||
| Protocol (HTTP/1.1): Message Syntax and Routing", | Protocol (HTTP/1.1): Message Syntax and Routing", | |||
| RFC 7230, DOI 10.17487/RFC7230, June 2014, | RFC 7230, DOI 10.17487/RFC7230, June 2014, | |||
| <https://www.rfc-editor.org/info/rfc7230>. | <https://www.rfc-editor.org/info/rfc7230>. | |||
| [RFC7478] Holmberg, C., Hakansson, S., and G. Eriksson, "Web Real- | [RFC7478] Holmberg, C., Hakansson, S., and G. Eriksson, "Web Real- | |||
| Time Communication Use Cases and Requirements", RFC 7478, | Time Communication Use Cases and Requirements", RFC 7478, | |||
| DOI 10.17487/RFC7478, March 2015, | DOI 10.17487/RFC7478, March 2015, | |||
| <https://www.rfc-editor.org/info/rfc7478>. | <https://www.rfc-editor.org/info/rfc7478>. | |||
| [RFC8089] Kerwin, M., "The "file" URI Scheme", RFC 8089, | ||||
| DOI 10.17487/RFC8089, February 2017, | ||||
| <https://www.rfc-editor.org/info/rfc8089>. | ||||
| Appendix A. Change log | Appendix A. Change log | |||
| Changes in draft -11: | ||||
| o Editorial updates from AD review. | ||||
| Changes in draft -10: | Changes in draft -10: | |||
| o Incorporate feedback from IETF 102 on the problem space. | o Incorporate feedback from IETF 102 on the problem space. | |||
| o Note that future versions of the document may define new modes. | o Note that future versions of the document may define new modes. | |||
| Changes in draft -09: | Changes in draft -09: | |||
| o Fixed confusing text regarding enterprise TURN servers. | o Fixed confusing text regarding enterprise TURN servers. | |||
| End of changes. 15 change blocks. | ||||
| 27 lines changed or deleted | 38 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||