- From: Kornel Lesiński <kornel@geekhood.net>
- Date: Fri, 09 Mar 2012 18:56:05 -0000
- To: public-html@w3.org
On Fri, 09 Mar 2012 18:09:10 -0000, Charles Pritchard <chuck@jumis.com> wrote: > It fulfills the requirements that content vendors place on distribution > by obfuscating the file stream. A user can not simply download the file > and then view it in a media player. It obfuscates the stream over > wireless so apps like Firesheep can not simply snoop the video > automatically. Firesheep-like tools could do that. Masking key is sent in the clear in the frames themselves. Even if the masking key was somehow hidden, it's just a 32-bit value XORed with the data, so a few bytes of known plaintext or relatively small amount of brute-force can be used to recover the key. So I think websocket framing format is not appropriate for securing files stored with untrusted CDNs. -- regards, Kornel Lesiński
Received on Friday, 9 March 2012 18:56:34 UTC