
Re: Strange warning

From: Harald Alvestrand <harald@alvestrand.no>
Date: Fri, 11 Dec 2015 07:57:21 +0100
To: "Cullen Jennings (fluffy)" <fluffy@cisco.com>, Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <566A73D1.7080109@alvestrand.no>
Den 11. des. 2015 00:20, skrev Cullen Jennings (fluffy):
> 
> The concern this was meant to address was the following ....
> 
> Imagine a non-encrypted channel such as HTTP long poll is used for the signaling and we have an on-path network attacker. The browser sends an offer over an HTTP PUT, then does an HTTP long poll to get the answer. The attacker can intercept the HTTP requests and replace both the offers and answers with ones that allow it to MITM the media.
> 
> Because signaling is out of scope for WebRTC, we need to point out that if your signaling is compromised, then so is the media. It seems like this spec should say something about that somewhere. 


That sounds like a good thing to say somewhere in the security
considerations.
(It's also said in the IETF security docs, methinks)

> 
> 
> 
> 
>> On Dec 6, 2015, at 9:10 AM, Harald Alvestrand <harald@alvestrand.no> wrote:
>>
>> Den 05. des. 2015 12:02, skrev Martin Thomson:
>>> What is this supposed to mean?
>>>
>>> "To prevent network sniffing from allowing a fourth party to establish
>>> a connection to a peer using the information sent out-of-band to the
>>> other peer and thus spoofing the client, the configuration information
>>> SHOULD always be transmitted using an encrypted connection."
>>>
>>> It's right at the bottom of a very big Section 4.3.1.
>>>
>>> I might guess that this relates to the ICE ufrag and pwd, but it's
>>> well out of place if that is the case and very confusing either way.
>>>
>>
>> Ufrag and password will let one establish an ICE connection.
>>
>> It won't permit a DTLS connection, since that requires the fingerprint
>> to match.
>> An active attacker can modify the fingerprint and get connected, but
>> that's not what this paragraph is referring to, since it specifically
>> talks about "network sniffing", not network interception - back in the
>> days when we still considered permitting SDES, the warning was true as
>> it stands - but we don't do that any more.
>>
>> I'd suggest deleting the paragraph.
>>
>>
>>
> 
Received on Friday, 11 December 2015 06:57:55 UTC
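The distinction Harald draws (sniffed ufrag/pwd gets an attacker an ICE connection but not a DTLS one, unless it can also rewrite the a=fingerprint line in transit) can be made concrete with the verification step a DTLS-SRTP endpoint performs. The code below is an added example written for this archive page, not code from the thread or from any browser; the certificate bytes, ICE credentials and SDP answers are constructed stand-ins, and the optional `pinned` fingerprint models a value learned over an independent authenticated channel.

```python
import hashlib
import hmac
import re
from typing import Optional

# Constructed stand-ins for DER certificates (not real X.509 data).
PEER_CERT_DER = b"\x30\x82" + bytes(range(64)) + b"honest-peer-dtls-cert"
ATTACKER_CERT_DER = b"\x30\x82" + bytes(range(64)) + b"on-path-attacker-cert"


def fingerprint_sha256(cert_der: bytes) -> str:
    """Colon-separated upper-case hex, the a=fingerprint form used in SDP."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_sdp_security_attrs(sdp: str) -> dict:
    """Collect ice-ufrag, ice-pwd and the sha-256 fingerprint from an SDP body."""
    attrs = {}
    for raw in sdp.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"a=(ice-ufrag|ice-pwd):(\S+)", line)
        if m:
            attrs[m.group(1)] = m.group(2)
        m = re.fullmatch(r"a=fingerprint:sha-256 ([0-9A-Fa-f:]+)", line)
        if m:
            attrs["fingerprint"] = m.group(1).upper()
    return attrs


def verify_dtls_peer(cert_der: bytes, sdp: str, pinned: Optional[str] = None) -> bool:
    """Accept the DTLS peer only if its certificate hashes to the fingerprint in the
    signaled SDP and, when one is supplied, to a fingerprint obtained over an
    independent authenticated channel (constructed assumption). Constant-time compares."""
    signaled = parse_sdp_security_attrs(sdp).get("fingerprint")
    if signaled is None:
        return False
    actual = fingerprint_sha256(cert_der)
    ok = hmac.compare_digest(actual, signaled)
    if pinned is not None:
        ok = ok and hmac.compare_digest(actual, pinned.upper())
    return ok


def make_sdp(cert_der: bytes) -> str:
    """Constructed minimal answer: fixed ICE creds, this certificate's fingerprint."""
    return ("v=0\r\na=ice-ufrag:F7gI\r\na=ice-pwd:x9XDHaYfZ0J0AOB5vN4hL8Ck\r\n"
            f"a=fingerprint:sha-256 {fingerprint_sha256(cert_der)}\r\n")


HONEST_ANSWER = make_sdp(PEER_CERT_DER)         # what the peer actually sent
REWRITTEN_ANSWER = make_sdp(ATTACKER_CERT_DER)  # same ICE creds, attacker's fingerprint
```

A passive sniffer holding the ICE credentials fails `verify_dtls_peer` against the honest answer; an on-path attacker who rewrote the answer passes it, which is exactly why the check only helps once the signaling path itself (or a pinned fingerprint) is authenticated.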
