W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2018

Re: Ban ICE-LITE? Re: webRTC and Content Security Policy connect-src

From: Cullen Jennings <fluffy@iii.ca>
Date: Thu, 18 Jan 2018 13:46:51 -0700
Cc: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, Tim Panton <thp@westhawk.co.uk>, Iñaki Baz Castillo <ibc@aliax.net>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-Id: <A63747B6-96E7-44FB-BECD-1DD433C32515@iii.ca>
To: Harald Alvestrand <harald@alvestrand.no>

I don’t think banning ICE-Lite changes the problem much as you dig into this deeper. I think my thinking on this is about the same as it was when we talked about it a few years ago. 


> On Jan 12, 2018, at 6:19 AM, Harald Alvestrand <harald@alvestrand.no> wrote:
> 
> To me, it sounds like we should ban ICE-LITE altogether.
> 
> We've got a lot of security story resting on the idea that the ICE request/response requires both ends to have seen the SDP.
> If that isn't true for ICE-LITE, then ICE-LITE is not safe for WebRTC.
Received on Thursday, 18 January 2018 20:47:32 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 18 January 2018 20:47:33 UTC