W3C home > Mailing lists > Public > public-webrtc@w3.org > September 2011

Masking (Re: PeerConnection Data Channel)

From: Harald Alvestrand <harald@alvestrand.no>
Date: Sun, 04 Sep 2011 16:04:43 +0200
Message-ID: <4E63857B.3030505@alvestrand.no>
To: Matthew Kaufman <matthew.kaufman@skype.net>
CC: Justin Uberti <juberti@google.com>, public-webrtc@w3.org
On 09/02/11 18:59, Matthew Kaufman wrote:
>> - For encryption, it simply uses the underlying encryption of the 
>> session, i.e. none, SDES-SRTP, or DTLS-SRTP, as appropriate.
> Absolutely correct. Possibly needs masking for the "none" case 
> however... need to discuss.
Last round, people claimed that you needed masking because the attacker 
is in control of the data in the UDP packet.

I asked at the time whether we were going to do masking on raw audio 
data played back from a file, since the attacker would have complete 
control over that data too.

After that, the discussion went silent. I'm not sure the silence was 
caused by the message, but I never got a response.

(Note: I agree with EKR's comments about the lack of evidence that 
cross-protocol attacks are a problem once you assume ICE for all sessions.)

Received on Sunday, 4 September 2011 14:05:23 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:17:21 UTC