TRAM | T. Reddy |
Internet-Draft | P. Patil |
Intended status: Standards Track | Cisco |
Expires: August 8, 2015 | February 4, 2015 |
IP address privacy by TURN server
draft-reddy-tram-turn-ipaddress-privacy-00
A TURN server allocates an IP address for a user. If this address is dis-associated from the user's actual network, the allocated IP address increases the user's privacy. This document describes a means for an client to discover that the TURN server can provide IP address privacy.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 8, 2015.
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Disclosing a host's IP address and connected network's IP address can disclose the user's location or network connection point, which is a privacy concern. These addresses are disclosed during normal operation of WebRTC [I-D.ietf-rtcweb-overview]. To prevent this disclosure, the local address (called "host address" by ICE [RFC5245]) and the connected network's IP address (called "server reflexive" by ICE) cannot be disclosed to the remote peer. Instead, only the address allocated by a TURN (Traversal Using Relays around NAT) [RFC5766] server is disclosed to the remote peer. However, if the TURN server is dedicated to a specific network (e.g., it is deployed by a network operator for the sole use of users on that network), that TURN server will similarly leak information about the user's connected network.
Using any of the discovery mechanisms described in [I-D.ietf-tram-turn-server-discovery], a client may discover multiple Traversal Using Relays around NAT (TURN) servers. The TURN servers discovered could be provided by an enterprise network, an access network, an application service provider or a third party provider. Therefore, the client needs to be able to choose a TURN server that can provide IP address privacy.
The ADDRESS-PRIVACY attribute introduced in this specification can be used by the client to determine if the TURN server can provide IP address privacy from the remote peer.
This technique also solves the following other problems:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
This note uses terminology defined in STUN [RFC5389].
If a client wants IP address privacy, it includes the ADDRESS-PRIVACY attribute in its TURN Allocate request. If the server can provide IP address privacy then it would echo back ADDRESS-PRIVACY attribute in the Allocate response.
This specification defines a new comprehension-optional STUN attribute ADDRESS-PRIVACY will have a STUN Type TBD-CA. This type is in the comprehension-optional range, which means that TURN servers can safely ignore the attribute if they do not understand it.
This attribute is used by the client to ask the server if it can provide IP address privacy. This attribute has no value part and thus the attribute length field is 0.
When a server receives a STUN request that includes a ADDRESS-PRIVACY attribute, it processes the request as per the STUN specification [RFC5389] plus the specific rules mentioned here. The server checks the following:
[Paragraphs in braces should be removed by the RFC Editor upon publication]
[The ADDRESS-PRIVACY attribute requires that IANA allocate a value in the "STUN attributes Registry" from the comprehension-optional range (0x8000-0xBFFF), to be replaced for TBD-CA throughout this document]
This document defines the ADDRESS-PRIVACY STUN attribute, described in Section 3. IANA has allocated the comprehension-optional codepoint TBD-CA for this attribute.
It is possible the TURN server provides inadequate IP address privacy to meet the client's needs. For example, the TURN server might be located in the same city as the client, but the client wants to obfuscate its location to the same continent or to a different continent or a different planet. The client should find its geolocation using server-reflexive candidate. The client should also determine the geolocation of the relayed address learned from the TURN server and compare with its geolocation to determine if the TURN server is indeed providing IP address privacy.
Security considerations discussed in [RFC5766] are to be taken into account.
Thanks to Dan Wing and Pal Martinsen for the review and comments.
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
[RFC5245] | Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", RFC 5245, April 2010. |
[RFC5389] | Rosenberg, J., Mahy, R., Matthews, P. and D. Wing, "Session Traversal Utilities for NAT (STUN)", RFC 5389, October 2008. |
[RFC5766] | Mahy, R., Matthews, P. and J. Rosenberg, "Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)", RFC 5766, April 2010. |
[I-D.ietf-rtcweb-overview] | Alvestrand, H., "Overview: Real Time Protocols for Browser-based Applications", Internet-Draft draft-ietf-rtcweb-overview-13, November 2014. |
[I-D.ietf-rtcweb-security-arch] | Rescorla, E., "WebRTC Security Architecture", Internet-Draft draft-ietf-rtcweb-security-arch-10, July 2014. |
[I-D.ietf-tram-turn-server-discovery] | Patil, P., Reddy, T. and D. Wing, "TURN Server Auto Discovery", Internet-Draft draft-ietf-tram-turn-server-discovery-01, January 2015. |
[I-D.schwartz-rtcweb-return] | Schwartz, B. and J. Uberti, "Recursively Encapsulated TURN (RETURN) for Connectivity and Privacy in WebRTC", Internet-Draft draft-schwartz-rtcweb-return-04, November 2014. |