- From: Ian Hickson <ian@hixie.ch>
- Date: Sat, 19 Mar 2011 03:28:28 +0000 (UTC)
On Fri, 18 Mar 2011, Glenn Maynard wrote:
>
> It's possible that ICE doesn't actually negotiate this securely, since
> the STUN server itself is untrusted. Do you (or anyone else) know if
> STUN negotiation is secure under these circumstances? Or do you think
> it doesn't matter?

The other ICE peer, the STUN server, the TURN server (if any), and the signaling channel are all under the control of the attacker in a worst case scenario (the user being directed to a hostile or hijacked site). The attacker essentially has perfect knowledge; the only thing we can add that the attacker doesn't know is a random number with each packet.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 18 March 2011 20:28:28 UTC