W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > November 2020

Re: [webrtc-pc] Define administratively prohibited in more detail (#2598)

From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
Date: Tue, 10 Nov 2020 19:24:59 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-724915176-1605036298-sysbot+gh@w3.org>
In the particular issue that prompted us to consider this problem (#2534, #2426), the other mitigation that Chrome applied (apart from respecting the Fetch blocked-ports list) was to place an absolute upper bound on the number of ports a browser could open simultaneously.

I must admit that I have no idea what the next attack is going to be, so I thought I'd leave it a bit open-ended, just pointing out that "just because you can add a candidate doesn't mean that the browser will try to use that candidate" - especially since the WG recommended failing silently rather than failing with an error.

GitHub Notification of comment by alvestrand
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2598#issuecomment-724915176 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 10 November 2020 19:25:03 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:52 UTC