Re: Issue 200: Incoming media prior to Remote Fingerprint Verification from Roman Shpount on 2015-05-16 (public-ortc@w3.org from May 2015)

From: Roman Shpount <rshpount@turbobridge.com>
Date: Sat, 16 May 2015 15:36:58 -0400
To: Bernard Aboba <Bernard.Aboba@microsoft.com>
Cc: "public-ortc@w3.org" <public-ortc@w3.org>
Message-ID: <CAD5OKxtvdeqA6zY6QC6GRvPvhh31mEsWsqw0F6G+LL9h-t0EdQ@mail.gmail.com>

What would be cleaner is actually passing the media but labeling it as
"untrusted". This way statistics will be properly updated and the decoder
will be kept in the "warm" state ready to play the media when it becomes
authenticated.

I would agree that decoded media should not be passed to the media track
and should not be played o the user until the remote identity is verified.

_____________
Roman Shpount

On Sat, May 16, 2015 at 2:24 PM, Bernard Aboba <Bernard.Aboba@microsoft.com>
wrote:

>  At the ORTC CG meeting on May 13, Justin pointed out that passing
> incoming media to an RtpReceiver prior to verification of the remote
> fingerprint could permit a DTLS man-in-the-middle attack. So while there is
> the potential for incoming media in the DTLS "connecting" state, there
> probably should be a prohibition on passing decrypted media to an attacked
> RtpReceiver until the "connected" state is reached.
>
>
>

Received on Saturday, 16 May 2015 19:37:27 UTC