- From: Cullen Jennings <fluffy@cisco.com>
- Date: Tue, 20 Sep 2011 14:09:04 -0600
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: Matthew Kaufman <matthew.kaufman@skype.net>, Justin Uberti <juberti@google.com>, public-webrtc@w3.org
Just on my 2 cents on masking.... I understand why it was needed when you masquerading data as HTTP but given we are not doing that, I see no need for it. On Sep 4, 2011, at 8:04 AM, Harald Alvestrand wrote: > On 09/02/11 18:59, Matthew Kaufman wrote: >> >>> - For encryption, it simply uses the underlying encryption of the session, i.e. none, SDES-SRTP, or DTLS-SRTP, as appropriate. >> >> Absolutely correct. Possibly needs masking for the "none" case however... need to discuss. > Last round, people claimed that you needed masking because the attacker is in control of the data in the UDP packet. > > I asked at the time whether we were going to do masking on raw audio data played back from a file, since the attacker would have complete control over that data too. > > After that, the discussion went silent. I'm not sure the silence was caused by the message, but I never got a response. > > (Note: I agree with EKR's comments about the lack of evidence that cross-protocol attacks are a problem once you assume ICE for all sessions.) > > Harald > > >
Received on Tuesday, 20 September 2011 20:09:32 UTC