Re: [webrtc-pc] Share some connection infrastructure with Fetch (#2613) from Martin Thomson via GitHub on 2020-12-14 (public-webrtc-logs@w3.org from December 2020)

From: Martin Thomson via GitHub <sysbot+gh@w3.org>
Date: Mon, 14 Dec 2020 22:37:04 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-744755344-1607985423-sysbot+gh@w3.org>

Thanks @alvestrand, I'd forgotten that attack.  That is a request forgery attack that exploits vulnerabilities in commonly deployed SIP ALGs.  It's a pity that STUN and TURN are so poor when it comes to request forgery given their function.  If your claim is that this is common with (unsecured) HTTP, that is true, but it probably worth noting that this commonality will be a case-by-case thing.

-- 
GitHub Notification of comment by martinthomson
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2613#issuecomment-744755344 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 14 December 2020 22:37:10 UTC