[html5] r5953 - [giow] (0) abarth tells me one layer is sufficient, security wise.
whatwg at whatwg.org
Tue Mar 15 23:18:41 PDT 2011
Author: ianh
Date: 2011-03-15 23:18:40 -0700 (Tue, 15 Mar 2011)
New Revision: 5953
Modified:
complete.html
index
source
Log:
[giow] (0) abarth tells me one layer is sufficient, security wise.
Modified: complete.html
===================================================================
--- complete.html 2011-03-16 05:54:48 UTC (rev 5952)
+++ complete.html 2011-03-16 06:18:40 UTC (rev 5953)
@@ -72464,32 +72464,27 @@
<ol><li><p>Let <var title="">nonce</var> be 16 cryptographically random
bytes.</li>
- <li><p>Let <var title="">mask-key</var> be the first 16 bytes of
- the HMAC-SHA1 of the 16 <var title="">nonce</var> bytes
- concatenated with the 16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a>
- bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+ <li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
+ encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in its
+ media description, as defined above.</li>
+ <li><p>Let <var title="">key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the concatenation of the 16 <var title="">nonce</var> bytes, the 16 <a href=#data-udp-media-stream-salt>data UDP media stream
+ salt</a> bytes, and the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
<li><p>Let <var title="">typed raw message</var> be the
concatenation of three 0x00 bytes, a 0x01 byte, and <var title="">raw message</var>.</li>
<li><p>Let <var title="">masked message</var> be the result of
encrypting <var title="">typed raw message</var> using AES-128-CTR
- keyed with <var title="">mask-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+ keyed with <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
<li><p>Let <var title="">masked message with nonce</var> be the
concatenation of <var title="">nonce</var> and <var title="">masked
message</var>.</li>
- <li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
- encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in its
- media description, as defined above.</li>
-
- <li><p>Let <var title="">encrypted message</var> be the result of
- encrypting <var title="">masked message with nonce</var> using
- AES-128-CTR keyed with <var title="">ice-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
-
- <li><p>Send <var title="">encrypted message</var> in a UDP packet
- to the destination that the relevant
+ <li><p>Send <var title="">masked message with nonce</var> in a UDP
+ packet to the destination that the relevant
<a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE Agent</a> has selected a
destination for the <a href=#data-udp-media-stream>data UDP media stream</a>.</li>
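Review bot: the new key step does not say which input is the HMAC key. It reads "the HMAC-SHA1 of the concatenation of" the nonce, salt and ice-key bytes, but HMAC takes two inputs, a key and a message, so two implementations could split the three values differently and fail to interoperate. Suggest stating the split explicitly, for example ice-key as the HMAC key and the nonce followed by the salt as the message, and using identical wording in the receive steps.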
@@ -72497,29 +72492,25 @@
stream</a> is received, the user agent must run the following
steps:</p>
- <ol><li><p>Let <var title="">encrypted message</var> be the UDP
+ <ol><li><p>Let <var title="">masked message with nonce</var> be the UDP
packet's data.</li>
- <li><p>If <var title="">encrypted message</var> is shorter than 20
+ <li><p>If <var title="">masked message with nonce</var> is shorter than 20
bytes, then abort these steps.</li>
<li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in the
media description for this media stream. <a href=#refsSDP>[SDP]</a></li>
- <li><p>Let <var title="">masked message with nonce</var> be the
- result of decrypting <var title="">message</var> using AES-128-CTR
- keyed with <var title="">ice-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
-
<li><p>Let <var title="">nonce</var> be the first 16 bytes of the
<var title="">masked message with nonce</var>.</li>
<li><p>Let <var title="">masked message</var> be all but the first
16 bytes of <var title="">masked message with nonce</var>.</li>
- <li><p>Let <var title="">key</var> be the first 16 bytes of the
- HMAC-SHA1 of the 16 <var title="">nonce</var> bytes concatenated
- with the 16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+ <li><p>Let <var title="">key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the concatenation of the 16 <var title="">nonce</var> bytes, the 16 <a href=#data-udp-media-stream-salt>data UDP media stream
+ salt</a> bytes, and the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
<li><p>Let <var title="">typed raw message</var> be the result of
decrypting <var title="">masked message</var> using AES-128-CTR
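Review bot: the abort threshold "shorter than 20 bytes" is left as a bare number. With the outer layer removed, the packet is exactly the 16-byte nonce followed by the masked message, so the 20 is presumably the nonce plus the four type bytes the sender prepends (three 0x00 and a 0x01). Say so in the step, so the constant is tied to the packet format and gets revisited if either length changes.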
Modified: index
===================================================================
--- index 2011-03-16 05:54:48 UTC (rev 5952)
+++ index 2011-03-16 06:18:40 UTC (rev 5953)
@@ -72473,32 +72473,27 @@
<ol><li><p>Let <var title="">nonce</var> be 16 cryptographically random
bytes.</li>
- <li><p>Let <var title="">mask-key</var> be the first 16 bytes of
- the HMAC-SHA1 of the 16 <var title="">nonce</var> bytes
- concatenated with the 16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a>
- bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+ <li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
+ encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in its
+ media description, as defined above.</li>
+ <li><p>Let <var title="">key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the concatenation of the 16 <var title="">nonce</var> bytes, the 16 <a href=#data-udp-media-stream-salt>data UDP media stream
+ salt</a> bytes, and the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
<li><p>Let <var title="">typed raw message</var> be the
concatenation of three 0x00 bytes, a 0x01 byte, and <var title="">raw message</var>.</li>
<li><p>Let <var title="">masked message</var> be the result of
encrypting <var title="">typed raw message</var> using AES-128-CTR
- keyed with <var title="">mask-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+ keyed with <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
<li><p>Let <var title="">masked message with nonce</var> be the
concatenation of <var title="">nonce</var> and <var title="">masked
message</var>.</li>
- <li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
- encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in its
- media description, as defined above.</li>
-
- <li><p>Let <var title="">encrypted message</var> be the result of
- encrypting <var title="">masked message with nonce</var> using
- AES-128-CTR keyed with <var title="">ice-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
-
- <li><p>Send <var title="">encrypted message</var> in a UDP packet
- to the destination that the relevant
+ <li><p>Send <var title="">masked message with nonce</var> in a UDP
+ packet to the destination that the relevant
<a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE Agent</a> has selected a
destination for the <a href=#data-udp-media-stream>data UDP media stream</a>.</li>
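Review bot: the encryption step gives AES-128-CTR only a key ("keyed with key") and does not state the initial counter block. Now that this pass is the only layer protecting the message, that value should be explicit, either in this step or by confirming that [AES128CTR] fixes it. Because key is derived from a fresh random nonce for each packet, a constant starting counter would not by itself repeat a keystream, but it still has to be pinned down for two implementations to interoperate.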
@@ -72506,29 +72501,25 @@
stream</a> is received, the user agent must run the following
steps:</p>
- <ol><li><p>Let <var title="">encrypted message</var> be the UDP
+ <ol><li><p>Let <var title="">masked message with nonce</var> be the UDP
packet's data.</li>
- <li><p>If <var title="">encrypted message</var> is shorter than 20
+ <li><p>If <var title="">masked message with nonce</var> is shorter than 20
bytes, then abort these steps.</li>
<li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in the
media description for this media stream. <a href=#refsSDP>[SDP]</a></li>
- <li><p>Let <var title="">masked message with nonce</var> be the
- result of decrypting <var title="">message</var> using AES-128-CTR
- keyed with <var title="">ice-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
-
<li><p>Let <var title="">nonce</var> be the first 16 bytes of the
<var title="">masked message with nonce</var>.</li>
<li><p>Let <var title="">masked message</var> be all but the first
16 bytes of <var title="">masked message with nonce</var>.</li>
- <li><p>Let <var title="">key</var> be the first 16 bytes of the
- HMAC-SHA1 of the 16 <var title="">nonce</var> bytes concatenated
- with the 16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+ <li><p>Let <var title="">key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the concatenation of the 16 <var title="">nonce</var> bytes, the 16 <a href=#data-udp-media-stream-salt>data UDP media stream
+ salt</a> bytes, and the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
<li><p>Let <var title="">typed raw message</var> be the result of
decrypting <var title="">masked message</var> using AES-128-CTR
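Review bot: the ice-key context step in this hunk is worded differently from its counterpart in the send steps. Here it is "in the media description for this media stream" with a [SDP] citation, while the first hunk of this file says "in its media description, as defined above" with no citation. Both lists now feed ice-key into the same HMAC input, so the two definitions should be word-for-word identical; suggest one phrasing, with the [SDP] reference, in both.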
Modified: source
===================================================================
--- source 2011-03-16 05:54:48 UTC (rev 5952)
+++ source 2011-03-16 06:18:40 UTC (rev 5953)
@@ -82710,36 +82710,31 @@
<li><p>Let <var title="">nonce</var> be 16 cryptographically random
bytes.</p></li>
- <li><p>Let <var title="">mask-key</var> be the first 16 bytes of
- the HMAC-SHA1 of the 16 <var title="">nonce</var> bytes
- concatenated with the 16 <span>data UDP media stream salt</span>
- bytes. <a href="#refsHMAC">[HMAC]</a> <a
- href="#refsSHA1">[SHA1]</a></p></li>
+ <li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
+ encryption key for the <span>data UDP media stream</span> in its
+ media description, as defined above.</p></li>
+ <li><p>Let <var title="">key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the concatenation of the 16 <var
+ title="">nonce</var> bytes, the 16 <span>data UDP media stream
+ salt</span> bytes, and the 16 <var title="">ice-key</var> bytes. <a
+ href="#refsHMAC">[HMAC]</a> <a href="#refsSHA1">[SHA1]</a></p></li>
+
<li><p>Let <var title="">typed raw message</var> be the
concatenation of three 0x00 bytes, a 0x01 byte, and <var
title="">raw message</var>.</p></li>
<li><p>Let <var title="">masked message</var> be the result of
encrypting <var title="">typed raw message</var> using AES-128-CTR
- keyed with <var title="">mask-key</var>. <a
+ keyed with <var title="">key</var>. <a
href="#refsAES128CTR">[AES128CTR]</a></p></li>
<li><p>Let <var title="">masked message with nonce</var> be the
concatenation of <var title="">nonce</var> and <var title="">masked
message</var>.</p></li>
- <li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
- encryption key for the <span>data UDP media stream</span> in its
- media description, as defined above.</p></li>
-
- <li><p>Let <var title="">encrypted message</var> be the result of
- encrypting <var title="">masked message with nonce</var> using
- AES-128-CTR keyed with <var title="">ice-key</var>. <a
- href="#refsAES128CTR">[AES128CTR]</a></p></li>
-
- <li><p>Send <var title="">encrypted message</var> in a UDP packet
- to the destination that the relevant
+ <li><p>Send <var title="">masked message with nonce</var> in a UDP
+ packet to the destination that the relevant
<span><code>PeerConnection</code> ICE Agent</span> has selected a
destination for the <span>data UDP media stream</span>.</p></li>
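Review bot: the names "masked message" and "masked message with nonce" are now misleading in the send steps. After this change the AES-128-CTR pass under key is the only encryption the payload gets, and the value put in the UDP packet is no longer wrapped in anything. Consider renaming them to "encrypted message" and "encrypted message with nonce" (the former name is freed by the removed steps), and adding a short note that the nonce now travels in the clear and confidentiality rests on ice-key being part of the HMAC input.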
@@ -82751,10 +82746,10 @@
<ol>
- <li><p>Let <var title="">encrypted message</var> be the UDP
+ <li><p>Let <var title="">masked message with nonce</var> be the UDP
packet's data.</p></li>
- <li><p>If <var title="">encrypted message</var> is shorter than 20
+ <li><p>If <var title="">masked message with nonce</var> is shorter than 20
bytes, then abort these steps.</p></li>
<li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
@@ -82762,21 +82757,17 @@
media description for this media stream. <a
href="#refsSDP">[SDP]</a></p></li>
- <li><p>Let <var title="">masked message with nonce</var> be the
- result of decrypting <var title="">message</var> using AES-128-CTR
- keyed with <var title="">ice-key</var>. <a
- href="#refsAES128CTR">[AES128CTR]</a></p></li>
-
<li><p>Let <var title="">nonce</var> be the first 16 bytes of the
<var title="">masked message with nonce</var>.</p></li>
<li><p>Let <var title="">masked message</var> be all but the first
16 bytes of <var title="">masked message with nonce</var>.</p></li>
- <li><p>Let <var title="">key</var> be the first 16 bytes of the
- HMAC-SHA1 of the 16 <var title="">nonce</var> bytes concatenated
- with the 16 <span>data UDP media stream salt</span> bytes. <a
- href="#refsHMAC">[HMAC]</a> <a href="#refsSHA1">[SHA1]</a></li>
+ <li><p>Let <var title="">key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the concatenation of the 16 <var
+ title="">nonce</var> bytes, the 16 <span>data UDP media stream
+ salt</span> bytes, and the 16 <var title="">ice-key</var> bytes. <a
+ href="#refsHMAC">[HMAC]</a> <a href="#refsSHA1">[SHA1]</a></p></li>
<li><p>Let <var title="">typed raw message</var> be the result of
decrypting <var title="">masked message</var> using AES-128-CTR
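Review bot: the key derivation sentence added here is a verbatim copy of the one added to the send steps, so the same normative text now lives in two places. The removed lines show how that drifts: the sender called the value mask-key while the receiver called it key, and the receiver's item was missing its closing </p>. Suggest defining the derivation once as a named algorithm taking nonce, salt and ice-key, and invoking it from both lists.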