- From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
- Date: Mon, 29 Jan 2018 09:43:53 +0100
- To: public-webrtc@w3.org
On 28/01/2018 18:05, Harald Alvestrand wrote: > Den 26. jan. 2018 19:29, skrev Cullen Jennings (fluffy): >> >>> On Jan 25, 2018, at 5:45 AM, Emil Ivov <emcho@jitsi.org >>> <mailto:emcho@jitsi.org>> wrote: >>> >>> >>> A way to set e2e encryption keys (for something like SRTP double) >>> would be great! >>> >>> Obviously doing that from the regular API wouldn’t make much sense, >>> but giving that option to browser extensions would be nice! >>> >> Let me generalize this a bit … I think the WG thinking about what APIs >> it might have for browser extensions as well as what API for JavaScript >> would be a good thing. This keying is one, codecs is another, and >> handling the policy around what IP addresses get disclosed is another. >> >> > Remember that exposing the session keys to Javascript means that anyone > who can get to your Javascript context can decrypt your communications, > and that anyone who's able to get or set your public/private keypair can > impersonate you in a man-in-the-middle attack. > > Of course anyone who can get at your raw communication can get at your > communication anyway, so this might not seem like a big deal. But think > through the security model before you ask to set keys. If we are talking about exposing e2e crypto keys in the context fo double/perc-lite, there are two crypto context, the end to end and the hop by hop one. Setting just the e2e crypto key in javascript will not have any impact on the hoop by hoop encryption (which will be the normal DTLS/SRTP one), so there is no security impact. Also, in my original mail I proposed that we could investigate how to couple this mechanism with the identity one, so even if the javascript is compromised there is no way of doing a man in the middle attack. Best regards Sergio
Received on Monday, 29 January 2018 08:44:13 UTC