- From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
- Date: Thu, 06 Oct 2022 11:18:46 +0000
- To: public-webrtc@w3.org
alvestrand has just created a new issue for https://github.com/w3c/webrtc-identity: == Isolated tracks may need stats API to hide some data == From https://github.com/w3c/webrtc-stats/issues/699 and https://github.com/w3c/webrtc-stats/issues/550, the following concern was raised: > Prior work (e.g. http://www.cs.unc.edu/~fabian/papers/foniks-oak11.pdf) has shown that you can recreate the plain text content of an encrypted, dTLS encoded audio conversation, based on patterns in packet size, frequency, etc. The fine level network information exposed by this API seems to be sufficient to re-carry out this attack. If this is needed for analysis / quality control / etc use, the API should limit it to these special cases (additional permission, for example). This is largely irrelevant for unprotected MediaStreamTracks, where the JS already has access to the plain text content, but may be relevant for isolated streams - stats concerning those may need to be hidden. Please view or discuss this issue at https://github.com/w3c/webrtc-identity/issues/39 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 6 October 2022 11:18:48 UTC