Open shacharz opened 4 years ago
Due to 2., Chrome Enterprise can never be a complete solution for this kind of problem, so I'd search for a more broadly applicable solution.
Note: This is basically within the scope of #1.
You don't need a special version of the browser to push policies to Chrome, so I think this can be a pretty general solution. I think the exact mechanism is out of scope of WebRTC NV though.
Host-to-Host connectivity is essential for use cases like enterprise streaming over large local networks. On the other hand, privacy concerns require that local IPs are not revealed.
A few solutions have been considered:
The current status is that Chrome, Edgium, Firefox and Safari are using mDNS hostnames in host candidates and use the mDNS protocol to resolve the local IP. We have seen in multiple corporate networks that this causes significant performance issues due to the inability to connect devices within the corporate network (mostly because of the 1-hop limit).
As an interim solution, Chrome has disabled mDNS in Chrome Enterprise deployments and is exposing the local IP in host candidates for those browsers. This has resolved the above issues.
The suggested long-term solution is encrypted ICE candidates. While IMO this solution is a good way forward, there are a few concerns I’d like to raise:
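The difference between an mDNS hostname and a raw local IP in a host candidate, discussed in this issue, can be checked from the candidate lines themselves. The following is an added example, not part of the original thread or of any browser's code; the function names and the sample candidate lines are constructed for illustration.

```javascript
// Added example: classify what the connection-address of an ICE host candidate reveals.
// Sample lines are constructed, not captured from a real session.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2113937151 3c5f0a2e-8f1b-4d7a-9c3e-2b6a1d4e5f70.local 54321 typ host",
  "candidate:2 1 udp 2113937151 192.168.1.23 54322 typ host",
  "a=candidate:3 1 udp 1677729535 203.0.113.7 61000 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:4 1 tcp 1518280447 fd12:3456:789a::1 9 typ host tcptype active",
];

// Fields: foundation component transport priority address port "typ" type [extensions]
function parseCandidate(line) {
  const body = line.trim().replace(/^a=/, "");
  if (!body.startsWith("candidate:")) return null;
  const f = body.slice("candidate:".length).split(/\s+/);
  if (f.length < 8 || f[6] !== "typ") return null;
  return { transport: f[2].toLowerCase(), address: f[4], port: Number(f[5]), type: f[7] };
}

// RFC 1918 and link-local IPv4, or unique-local / link-local IPv6.
function isPrivateAddress(addr) {
  const a = addr.toLowerCase();
  if (a.includes(":")) return /^f[cd][0-9a-f]{2}:/.test(a) || /^fe[89ab][0-9a-f]:/.test(a);
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(a)) return false;
  const o = a.split(".").map(Number);
  if (o.some((n) => n > 255)) return false;
  return o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
         (o[0] === 192 && o[1] === 168) || (o[0] === 169 && o[1] === 254);
}

function classifyCandidate(line) {
  const c = parseCandidate(line);
  if (!c) return "unparsed";
  if (c.type !== "host") return "not-host";
  if (c.address.toLowerCase().endsWith(".local")) return "mdns-hostname";
  return isPrivateAddress(c.address) ? "local-ip-exposed" : "ip-exposed";
}

// Count candidates per class, e.g. to audit what a page's signaling traffic carries.
function summarize(lines) {
  const counts = {};
  for (const l of lines) { const k = classifyCandidate(l); counts[k] = (counts[k] || 0) + 1; }
  return counts;
}

console.log(summarize(SAMPLE_CANDIDATES));
```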