- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Sun, 04 Sep 2011 16:04:43 +0200
- To: Matthew Kaufman <matthew.kaufman@skype.net>
- CC: Justin Uberti <juberti@google.com>, public-webrtc@w3.org
On 09/02/11 18:59, Matthew Kaufman wrote:
>
>> - For encryption, it simply uses the underlying encryption of the
>> session, i.e. none, SDES-SRTP, or DTLS-SRTP, as appropriate.
>
> Absolutely correct. Possibly needs masking for the "none" case
> however... need to discuss.
Last round, people claimed that you needed masking because the attacker
is in control of the data in the UDP packet.
I asked at the time whether we were going to do masking on raw audio
data played back from a file, since the attacker would have complete
control over that data too.
After that, the discussion went silent. I'm not sure the silence was
caused by the message, but I never got a response.
(Note: I agree with EKR's comments about the lack of evidence that
cross-protocol attacks are a problem once you assume ICE for all sessions.)
Harald
Received on Sunday, 4 September 2011 14:05:23 UTC