On 28/11/2018 0:28, Eric Rescorla wrote:
>
> No we aren't because it is a completely different scenario. Even
> if the outer keys are compromised by using it in the app, the
> inner dtls keys are not and on worst scenario we would be on same
> scenario as what we are today in webrtc 1.0.
>
> It's a different scenario but the same reasoning applies: having the
> JS (and more importantly, some intermediate server) creates a number
> of vectors for passive attack. And because the data is in the clear at
> the SFU, then you have the possibility for a completely passive
> attack. This is one of the primary reasons why we required DTLS-SRTP
> and not SDES for basic WebRTC.

JS can clone the media stream and just send the media to a rogue server, no need to worry about intercepting keys.

Best regards
Sergio

Received on Wednesday, 28 November 2018 09:06:08 UTC