Re: [webrtc-pc] Define administratively prohibited in more detail (#2598)

In the particular issue that prompted us to consider this problem (#2534, #2426), the other mitigation that Chrome applied (apart from respecting the Fetch blocked-ports list) was to place an absolute upper bound on the number of ports a browser could open simultaneously.

I must admit that I have no idea what the next attack is going to be, so I thought I'd leave it a bit open-ended, just pointing out that "just because you can add a candidate doesn't mean that the browser will try to use that candidate" - especially since the WG recommended failing silently rather than failing with an error.

GitHub Notification of comment by alvestrand
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Tuesday, 10 November 2020 19:25:03 UTC