Re: [webrtc-pc] RTCIceTransport.getRemoteCandidates() does not return prflx candidates (#2124) from docfaraday via GitHub on 2019-03-21 (public-webrtc-logs@w3.org from March 2019)

From: docfaraday via GitHub <sysbot+gh@w3.org>
Date: Thu, 21 Mar 2019 14:24:38 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-475249883-1553178277-sysbot+gh@w3.org>

Ok, so the threat model here is that you have a host candidate leaked to JS by having two PCs created on the same browser, and using mDNS. mDNS allows STUN transactions to succeed on host candidates without any host candidates being trickled, so we want to hide them from JS.

I can see the value of hiding this information in this case, but having non-obfuscated prflx candidates available in the stats API for the general case is probably important.

-- 
GitHub Notification of comment by docfaraday
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2124#issuecomment-475249883 using your GitHub account

Received on Thursday, 21 March 2019 14:24:39 UTC