Re: Ban ICE-LITE? webRTC and Content Security Policy connect-src from Sergio Garcia Murillo on 2018-01-12 (public-webrtc@w3.org from January 2018)

From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Date: Fri, 12 Jan 2018 15:09:06 +0100
To: Iñaki Baz Castillo <ibc@aliax.net>
Cc: Harald Alvestrand <harald@alvestrand.no>, T H Panton <thp@westhawk.co.uk>, "public-webrtc@w3.org" <public-webrtc@w3.org>, Cullen Jennings <fluffy@iii.ca>
Message-ID: <9af65938-84ac-000c-048a-42dbafe0e750@gmail.com>

On 12/01/2018 15:01, Iñaki Baz Castillo wrote:
>> But that information will be available at the full ice endpoint as soon as
>> the first incoming stun binding request is received. So wouldn't this mean
>> that both full ice and ice lite are equally insecure?
> Why? The STUN Binding Request does not include the sender's
> credentials, but the remote ones.
You see, long time since I did implement ICE.. :)

Regards
Sergio

Received on Friday, 12 January 2018 14:09:28 UTC