W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2018

Re: Ban ICE-LITE? webRTC and Content Security Policy connect-src

From: Iñaki Baz Castillo <ibc@aliax.net>
Date: Fri, 12 Jan 2018 14:54:53 +0100
Message-ID: <CALiegfkACCYXmRs56vGgbEqR6GgkuGpCkjX5mur1jZWZVpoBUQ@mail.gmail.com>
To: Lennart Grahl <lennart.grahl@gmail.com>
Cc: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, Harald Alvestrand <harald@alvestrand.no>, T H Panton <thp@westhawk.co.uk>, Cullen Jennings <fluffy@iii.ca>, public-webrtc@w3.org
On 12 January 2018 at 14:52, Lennart Grahl <lennart.grahl@gmail.com> wrote:
> I'm not sure restricting STUN/TURN servers, or banning ICE lite, or what
> you've suggested now would resolve this issue:
> What if I create an RTCPeerConnection and I use allowed STUN/TURN
> servers (if any). I create an offer and provide a fake answer with some
> data encoded as part of ICE ufrag/pwd. Then I'll pass fake remote
> candidates that include an IP I want to send this information to. The
> ICE agent will start sending STUN binding requests to that IP which
> contains my data as part of the username. Shouldn't that work?


Iñaki Baz Castillo
Received on Friday, 12 January 2018 13:55:40 UTC

This archive was generated by hypermail 2.3.1 : Friday, 12 January 2018 13:55:41 UTC