Strange warning from Martin Thomson on 2015-12-05 (public-webrtc@w3.org from December 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Sat, 5 Dec 2015 22:02:32 +1100
To: "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <CABkgnnVO4Ex+26s2hYbVSLDyZsdy-F2FoSgZqLoiH-532cD42A@mail.gmail.com>

What is this supposed to mean?

"To prevent network sniffing from allowing a fourth party to establish
a connection to a peer using the information sent out-of-band to the
other peer and thus spoofing the client, the configuration information
SHOULD always be transmitted using an encrypted connection."

It's right at the bottom of a very big Section 4.3.1.

I might guess that this relates to the ICE ufrag and pwd, but it's
well out of place if that is the case and very confusing either way.

Received on Saturday, 5 December 2015 11:03:00 UTC