- From: Robin Raymond <robin@hookflash.com>
- Date: Thu, 31 Jul 2014 07:43:06 -0400
- To: Peter Thatcher <pthatcher@google.com>
- Cc: "public-ortc@w3.org" <public-ortc@w3.org>, Emil Ivov <emcho@jitsi.org>, Bernard Aboba <bernard.aboba@microsoft.com>
- Message-ID: <etPan.53da2bca.b03e0c6.cdff@macmini.local>
There maybe security concerns for Option A. Consent was to be done via ICE ufrag/password which was the original justification for *not* allowing ufrag/password to be set. Has the rule for consent changed and moved to DTLS layer? I’ve not been following that particular aspect. Are you allowed to change the ufrag/password via JS in the browser's SDP in WebRTC 1.0? I’m not sure option (A) would be legal. Option B, the “generate” method, would solve a consent issue because the ufrag/password could be validated as having been previously generated for the JS sandbox so the JS developer can only use pre-approved ufrag/passwords. I would prefer option A if it were legal and assuming a crypt random method is available in JS (not sure that’s true or not yet with modern browsers without a crazy add on library), but if consent is still tied to ICE we should play it safe with option B. -- Robin Raymond On July 30, 2014 at 11:30:47 PM, Peter Thatcher (pthatcher@google.com) wrote: Ah, I see. In that case there are other design options we have. For example: A. Let the JS choose the ufrag/pwd. B. Let the JS ask the browser for an ICE ufrag/pwd pair (perhaps .generateLocalParameters), and then let the JS pass it in to the call to restart. In fact, if we did B we could go further and unify .start and .restart and .setRemoteParameters into one method with local and remote parameters. It could basically do all three. Maybe I'll type up how it would look with some examples. It might be nice. On Jul 30, 2014 7:52 PM, "Robin Raymond" <robin@hookflash.com> wrote: The ufrag/password needs to be changed in the offer which can only be obtained after restart has been called so you can't restart after. Only the answer side has that luxury. -- Robin Raymond On July 30, 2014 at 10:40:32 PM, Peter Thatcher (pthatcher@google.com) wrote: I had a second thought about the SIP ICE restart rollback thing. Rather than initiate a restart and the roll it back, could the JS simply not initiate the restart until after it's sure that it won't be rolled back? Why does it need to initiate the rollback before it is sure that it needs to?
Received on Thursday, 31 July 2014 11:43:35 UTC