Re: Suggested resolution of Issue 849: Specify an AllowUnverifiedMedia RTCConfiguration property

On 4 May 2017 at 09:30, Cullen Jennings (fluffy) <> wrote:
> By happy to join a call on this. Let me be clear that I think is a very bad idea postpone DTLS handshake. I think the tls-id should be in the offer and both sides should use it.

Unfortunately that doesn't work for the offerer.  The offerer can't
validate a ClientHello from the answerer without seeing the signaling
that contains the answerer's tls-id value.

You could decide that you don't care about the unknown key share
attack.  That leads to having two different designs, with all the
associated complexity.  And we would have to be very careful to ensure
that one does not jeopardize the other.

It seems like we have a choice here between some security goals and
this use case with the third axis being the amount of complexity we
are prepared to take on in specifications and implementations.  That's
inherently a security risk as well.

Received on Thursday, 4 May 2017 00:20:12 UTC