In the particular issue that prompted us to consider this problem (#2534, #2426), the other mitigation that Chrome applied (apart from respecting the Fetch blocked-ports list) was to place an absolute upper bound on the number of ports a browser could open simultaneously. I must admit that I have no idea what the next attack is going to be, so I thought I'd leave it a bit open-ended, just pointing out that "just because you can add a candidate doesn't mean that the browser will try to use that candidate" - especially since the WG recommended failing silently rather than failing with an error. -- GitHub Notification of comment by alvestrand Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2598#issuecomment-724915176 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Tuesday, 10 November 2020 19:25:03 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:52 UTC