Masking (Re: PeerConnection Data Channel)

On 09/02/11 18:59, Matthew Kaufman wrote:
>
>> - For encryption, it simply uses the underlying encryption of the 
>> session, i.e. none, SDES-SRTP, or DTLS-SRTP, as appropriate.
>
> Absolutely correct. Possibly needs masking for the "none" case 
> however... need to discuss.

Last round, people claimed that you needed masking because the attacker 
is in control of the data in the UDP packet.

I asked at the time whether we were going to do masking on raw audio 
data played back from a file, since the attacker would have complete 
control over that data too.

After that, the discussion went silent. I'm not sure the silence was 
caused by the message, but I never got a response.

(Note: I agree with EKR's comments about the lack of evidence that 
cross-protocol attacks are a problem once you assume ICE for all sessions.)

                        Harald

Received on Sunday, 4 September 2011 14:05:23 UTC