Re: Signaling & peerconnection API questions

On 2011-07-18 23:07, Ian Hickson wrote:
> On Mon, 18 Jul 2011, Prakash wrote:
>>
>> Excellent. Thanks Ian. I was most concerned about interop with non
>> browser/existing systems. If the message is not opaque, then anyone
>> should be able to translate it if needed.
>
> Indeed. Compatibility with SIP in particular was high on my mind when
> designing this API; the intent is that it should be almost trivial to do a
> SIP gateway for this stuff. (I mean, as trivial as this stuff can get,
> anyway...)
>
I wonder, is there a security problem lurking here? According to section 
5.1 in <http://tools.ietf.org/html/rfc5245>, the agent should proceed as 
if the other end does not support ICE if the initial SDP offer indicates so.

So basically the web app could fake an SDP offer (indicating no support 
of ICE) locally, feed it to a PeerConnection object and then use 'send' 
to have the browser send data to an IP address and port of its choice 
(the address/port in the fake SDP).

This is not at all my area, so apologies up front if I got things wrong.

Stefan

Received on Tuesday, 19 July 2011 14:21:55 UTC
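
The concern above rests on the fallback in RFC 5245 section 5.1. As an added example (not code from this thread or from any browser), the check below fails closed instead: it refuses to transmit unless every media section carries ICE credentials and its default destination appears as a component-1 candidate. The function names and both SDP samples are constructed for illustration.

```javascript
// Added example; function names and SDP samples are constructed for illustration.

// Split SDP into session-level lines and one array of lines per m= section.
function splitSdp(sdp) {
  const session = [], media = [];
  for (const line of sdp.split(/\r?\n/).map((l) => l.trim()).filter(Boolean)) {
    if (line.startsWith("m=")) media.push([line]);
    else if (media.length) media[media.length - 1].push(line);
    else session.push(line);
  }
  return { session, media };
}

// Value of the first line starting with `prefix`, media level before session level.
function field(section, session, prefix) {
  const hit = section.concat(session).find((l) => l.startsWith(prefix));
  return hit ? hit.slice(prefix.length) : null;
}

// Reasons to reject the description; an empty array means ICE support was verified.
function iceProblems(sdp) {
  const { session, media } = splitSdp(sdp);
  const problems = media.length ? [] : ["no media sections"];
  media.forEach((section, i) => {
    const port = section[0].split(" ")[1];              // m=<media> <port> <proto> <fmt>
    const conn = field(section, session, "c=");         // c=IN IP4 <address>
    const addr = conn ? conn.split(" ")[2] : null;
    if (!field(section, session, "a=ice-ufrag:") || !field(section, session, "a=ice-pwd:"))
      problems.push(`m-section ${i}: missing ICE credentials`);
    // a=candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type>
    const listed = section.some((l) => {
      const f = l.split(" ");
      return l.startsWith("a=candidate:") && f[1] === "1" && f[4] === addr && f[5] === port;
    });
    if (!listed) problems.push(`m-section ${i}: default destination is not an ICE candidate`);
  });
  return problems;
}

// Fail closed: no fallback to plain offer/answer transmission without ICE.
const maySendTo = (sdp) => iceProblems(sdp).length === 0;

// Constructed samples (documentation addresses from 192.0.2.0/24 and 198.51.100.0/24).
const WITH_ICE = ["v=0", "c=IN IP4 192.0.2.10", "a=ice-ufrag:8hhY",
  "a=ice-pwd:asd88fgpdd777uzjYhagZg", "m=audio 40000 RTP/AVP 0",
  "a=candidate:1 1 UDP 2130706431 192.0.2.10 40000 typ host"].join("\r\n");
const WITHOUT_ICE = ["v=0", "c=IN IP4 198.51.100.7", "m=audio 9999 RTP/AVP 0"].join("\r\n");

console.log(maySendTo(WITH_ICE), iceProblems(WITHOUT_ICE));
```

Passing this check only shows that the description is well formed for ICE; the connectivity checks that follow are what establish that the remote endpoint actually agreed to receive traffic.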