
Re: Strange warning

From: Cullen Jennings (fluffy) <fluffy@cisco.com>
Date: Thu, 10 Dec 2015 23:20:10 +0000
To: Harald Tveit Alvestrand <harald@alvestrand.no>, Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>
CC: "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <8E251611-419B-460C-958F-E34964FB00A7@cisco.com>

The concern this was meant to address was the following ....

Imagine a non-encrypted channel such as HTTP long poll is used for the signaling and we have an on-path network attacker. The browser sends an offer over an HTTP PUT, then does an HTTP long poll to get the answer. The attacker can intercept the HTTP requests and replace both the offers and answers with ones that allow it to MITM the media.

Because signaling is out of scope for WebRTC, we need to point out that if your signaling is compromised, then so is the media. It seems like this spec should say something about that somewhere. 

> On Dec 6, 2015, at 9:10 AM, Harald Alvestrand <harald@alvestrand.no> wrote:
> On 05 Dec. 2015 12:02, Martin Thomson wrote:
>> What is this supposed to mean?
>> "To prevent network sniffing from allowing a fourth party to establish
>> a connection to a peer using the information sent out-of-band to the
>> other peer and thus spoofing the client, the configuration information
>> SHOULD always be transmitted using an encrypted connection."
>> It's right at the bottom of a very big Section 4.3.1.
>> I might guess that this relates to the ICE ufrag and pwd, but it's
>> well out of place if that is the case and very confusing either way.
> Ufrag and password will let one establish an ICE connection.
> It won't permit a DTLS connection, since that requires the fingerprint
> to match.
> An active attacker can modify the fingerprint and get connected, but
> that's not what this paragraph is referring to, since it specifically
> talks about "network sniffing", not network interception - back in the
> days when we still considered permitting SDES, the warning was true as
> it stands - but we don't do that any more.
> I'd suggest deleting the paragraph.
Received on Thursday, 10 December 2015 23:20:42 UTC
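
The point discussed in this thread, as an added example that is not part of the original messages: if the offer is rewritten in transit, the ICE ufrag and pwd can stay the same while the `a=fingerprint` value changes, so the receiver only notices when it compares against a fingerprint learned some other way. The function names, the constructed SDP fragments and the existence of a separate authenticated channel for the reference fingerprint are all assumptions.

```javascript
'use strict';
// Added example. All SDP values below are constructed, not captured traffic.
const fp = (byte) => 'sha-256 ' + Array(32).fill(byte).join(':');
const TRUSTED_FP = fp('AA'); // assumption: learned over an authenticated channel
const sdp = (fingerprint) => [
  'v=0',
  'o=- 1 1 IN IP4 192.0.2.1',
  's=-',
  't=0 0',
  'a=ice-ufrag:f00d',
  'a=ice-pwd:constructedIcePasswordValue00',
  fingerprint ? 'a=fingerprint:' + fingerprint : null,
  'a=setup:actpass',
].filter(Boolean).join('\r\n') + '\r\n';
const SENT_OFFER = sdp(TRUSTED_FP);
const TAMPERED_OFFER = sdp(fp('BB')); // same ufrag/pwd, different fingerprint

// Canonical form: lowercase hash name, uppercase hex value.
function normalizeFingerprint(s) {
  const [hash, value] = s.trim().split(/\s+/);
  return hash.toLowerCase() + ' ' + (value || '').toUpperCase();
}

// Extract the attributes the thread talks about from an SDP blob.
function parseSecurityAttrs(sdpText) {
  const out = { ufrag: null, pwd: null, fingerprints: [] };
  for (const raw of sdpText.split(/\r?\n/)) {
    const line = raw.trim();
    if (line.startsWith('a=ice-ufrag:')) out.ufrag = line.slice(12);
    else if (line.startsWith('a=ice-pwd:')) out.pwd = line.slice(10);
    else if (line.startsWith('a=fingerprint:')) {
      out.fingerprints.push(normalizeFingerprint(line.slice(14)));
    }
  }
  return out;
}

// Accept the SDP only if every fingerprint in it is one we already trust.
function checkSignaledSdp(receivedSdp, trustedFingerprints) {
  const trusted = new Set(trustedFingerprints.map(normalizeFingerprint));
  const { fingerprints } = parseSecurityAttrs(receivedSdp);
  if (fingerprints.length === 0) return { ok: false, reason: 'no-fingerprint' };
  const unexpected = fingerprints.filter((f) => !trusted.has(f));
  return unexpected.length
    ? { ok: false, reason: 'fingerprint-mismatch', unexpected }
    : { ok: true, reason: 'match' };
}
```

Comparing only ufrag and pwd would pass both constructed offers; the fingerprint comparison is the part that separates them.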
