- From: Matthew Kaufman <matthew@matthew.at>
- Date: Wed, 23 Mar 2011 17:13:01 -0700

On 3/23/2011 3:17 PM, Harald Alvestrand wrote:
> Is there really an advantage to not using SRTP and reusing the RTP
> format for the data messages?

I'd go one further... why not DTLS-SRTP for the media and DTLS with some other header shim for the data messages?

In particular, there are significant security advantages to end-to-end keying rather than transmitting keys over the signaling channel.

> This is a well-known and well-analyzed encryption format, with
> reasonably known security properties and library support (from
> libraries that already have to be included in order to support
> audio/video).

Also agree here. Let's not re-invent something that's been invented *and* analyzed.

>
> I also fail to see the requirement for the masking, given that the
> requirement for ICE (at least once the bug of not using passwords in
> ICE is fixed) protects against cross-socket attacks.
>

Also agree. The STUN connectivity check message in ICE is sufficient to prove that the far end wants the data... masking to avoid proxies is a non-issue for this channel.

Matthew Kaufman

Received on Wednesday, 23 March 2011 17:13:01 UTC