[html5] r5954 - [e] (0) Add some notes about data UDP media stream security. (didn't mention int [...]

whatwg at whatwg.org whatwg at whatwg.org
Wed Mar 16 00:10:12 PDT 2011


Author: ianh
Date: 2011-03-16 00:10:11 -0700 (Wed, 16 Mar 2011)
New Revision: 5954

Modified:
   complete.html
   index
   source
Log:
[e] (0) Add some notes about data UDP media stream security. (didn't mention integrity as we'll fix that -- I filed a bug on it)

Modified: complete.html
===================================================================
--- complete.html	2011-03-16 06:18:40 UTC (rev 5953)
+++ complete.html	2011-03-16 07:10:11 UTC (rev 5954)
@@ -1009,8 +1009,9 @@
    <li><a href=#stream-api><span class=secno>9.3 </span>Stream API</a></li>
    <li><a href=#peer-to-peer-connections><span class=secno>9.4 </span>Peer-to-peer connections</a></li>
    <li><a href=#the-data-stream><span class=secno>9.5 </span>The data stream</a></li>
-   <li><a href=#event-definitions-0><span class=secno>9.6 </span>Event definitions</a></li>
-   <li><a href=#event-summary><span class=secno>9.7 </span>Event Summary</a></ol></li>
+   <li><a href=#security-considerations><span class=secno>9.6 </span>Security considerations</a></li>
+   <li><a href=#event-definitions-0><span class=secno>9.7 </span>Event definitions</a></li>
+   <li><a href=#event-summary><span class=secno>9.8 </span>Event Summary</a></ol></li>
  <li><a href=#workers><span class=secno>10 </span>Web workers</a>
   <ol>
    <li><a href=#introduction-9><span class=secno>10.1 </span>Introduction</a>
@@ -72409,6 +72410,8 @@
 
 
 
+  <div class=impl>
+
   <h3 id=the-data-stream><span class=secno>9.5 </span>The data stream</h3>
 
   <p>All <code><a href=#peerconnection>PeerConnection</a></code> connections include a <dfn id=data-udp-media-stream>data
@@ -72545,9 +72548,21 @@
   <p>The <a href=#task-source>task source</a> for this <a href=#concept-task title=concept-task>task</a> is the <a href=#networking-task-source>networking task
   source</a>.</p>
 
+  </div>
 
-  <h3 id=event-definitions-0><span class=secno>9.6 </span>Event definitions</h3>
 
+  <h3 id=security-considerations><span class=secno>9.6 </span>Security considerations</h3>
+
+  <p>A <a href=#data-udp-media-stream>data UDP media stream</a> is encrypted, but that does
+  not solve all security problems. In particular, <strong>replay
+  attacks</strong> are possible. Scripts for which this would be a
+  problem should give each packet a unique identifier and refuse to
+  process the same packet twice.</p>
+
+
+
+  <h3 id=event-definitions-0><span class=secno>9.7 </span>Event definitions</h3>
+
   <p>The <code title=event-stream-addstream>addstream</code> and
   <code title=event-stream-removestream>removestream</code> events
   use the <code><a href=#streamevent>StreamEvent</a></code> interface:</p>
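Review bot: The new 9.6 paragraph asks scripts to "give each packet a unique identifier and refuse to process the same packet twice" but does not say how long the receiver has to remember identifiers it has already seen. As written, a script either keeps every identifier for the life of the connection or discards old ones and then accepts a replay of them. Suggest recommending a per-connection increasing counter with a bounded window of recently seen values, and saying that anything older than the window is rejected, so the check stays bounded and packets that arrive late or out of order over UDP have a defined outcome.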
@@ -72557,6 +72572,8 @@
   void <a href=#dom-closeevent-initcloseevent title=dom-CloseEvent-initCloseEvent>initCloseEvent</a>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in <a href=#stream>Stream</a> streamArg);
 };</pre>
 
+  <div class=impl>
+
   <p>The <dfn id=dom-streamevent-initstreamevent title=dom-StreamEvent-initStreamEvent><code>initStreamEvent()</code></dfn>
   method must initialize the event in a manner analogous to the
   similarly-named method in the DOM Events interfaces. <a href=#refsDOMEVENTS>[DOMEVENTS]</a></p>
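Review bot: The IDL line in the context directly above the new <div class=impl> declares initCloseEvent (title dom-CloseEvent-initCloseEvent) with a Stream streamArg, while the paragraph this hunk wraps defines initStreamEvent() and the preceding text introduces the StreamEvent interface. That looks like a copy-and-paste leftover; in the index file the same span is not even linked. Suggest renaming the IDL member to initStreamEvent with title dom-StreamEvent-initStreamEvent while this section is being touched, so the definition and the interface agree.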
@@ -72569,9 +72586,11 @@
   stated) and is not cancelable (except where otherwise stated), and
   which uses the <code><a href=#streamevent>StreamEvent</a></code> interface with the <code title=dom-StreamEvent-stream><a href=#dom-streamevent-stream>stream</a></code> attribute set to <var title="">stream</var>, must be dispatched at the given target.</p>
 
+  </div>
 
-  <h3 id=event-summary><span class=secno>9.7 </span>Event Summary</h3>
 
+  <h3 id=event-summary><span class=secno>9.8 </span>Event Summary</h3>
+
   <p class=XXX>...will add event summary for streams here...</p>
 
 </div>

Modified: index
===================================================================
--- index	2011-03-16 06:18:40 UTC (rev 5953)
+++ index	2011-03-16 07:10:11 UTC (rev 5954)
@@ -1017,8 +1017,9 @@
    <li><a href=#stream-api><span class=secno>9.3 </span>Stream API</a></li>
    <li><a href=#peer-to-peer-connections><span class=secno>9.4 </span>Peer-to-peer connections</a></li>
    <li><a href=#the-data-stream><span class=secno>9.5 </span>The data stream</a></li>
-   <li><a href=#event-definitions-0><span class=secno>9.6 </span>Event definitions</a></li>
-   <li><a href=#event-summary><span class=secno>9.7 </span>Event Summary</a></ol></li>
+   <li><a href=#security-considerations><span class=secno>9.6 </span>Security considerations</a></li>
+   <li><a href=#event-definitions-0><span class=secno>9.7 </span>Event definitions</a></li>
+   <li><a href=#event-summary><span class=secno>9.8 </span>Event Summary</a></ol></li>
  <li><a href=#comms><span class=secno>10 </span>Communication</a>
   <ol>
    <li><a href=#event-definitions-1><span class=secno>10.1 </span>Event definitions</a></li>
@@ -72418,6 +72419,8 @@
 
 
 
+  <div class=impl>
+
   <h3 id=the-data-stream><span class=secno>9.5 </span>The data stream</h3>
 
   <p>All <code><a href=#peerconnection>PeerConnection</a></code> connections include a <dfn id=data-udp-media-stream>data
@@ -72554,9 +72557,21 @@
   <p>The <a href=#task-source>task source</a> for this <a href=#concept-task title=concept-task>task</a> is the <a href=#networking-task-source>networking task
   source</a>.</p>
 
+  </div>
 
-  <h3 id=event-definitions-0><span class=secno>9.6 </span>Event definitions</h3>
 
+  <h3 id=security-considerations><span class=secno>9.6 </span>Security considerations</h3>
+
+  <p>A <a href=#data-udp-media-stream>data UDP media stream</a> is encrypted, but that does
+  not solve all security problems. In particular, <strong>replay
+  attacks</strong> are possible. Scripts for which this would be a
+  problem should give each packet a unique identifier and refuse to
+  process the same packet twice.</p>
+
+
+
+  <h3 id=event-definitions-0><span class=secno>9.7 </span>Event definitions</h3>
+
   <p>The <code title=event-stream-addstream>addstream</code> and
   <code title=event-stream-removestream>removestream</code> events
   use the <code><a href=#streamevent>StreamEvent</a></code> interface:</p>
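Review bot: The "Security considerations" paragraph says the stream "is encrypted" and then names only replay, while the log message says integrity was left out on purpose pending a bug. Suggest recording that gap in the text itself, for example with a <p class=XXX> placeholder like the one already used under "Event Summary", so that a reader does not take "encrypted" to mean that packets cannot be modified in transit.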
@@ -72566,6 +72581,8 @@
   void <span title=dom-CloseEvent-initCloseEvent>initCloseEvent</span>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in <a href=#stream>Stream</a> streamArg);
 };</pre>
 
+  <div class=impl>
+
   <p>The <dfn id=dom-streamevent-initstreamevent title=dom-StreamEvent-initStreamEvent><code>initStreamEvent()</code></dfn>
   method must initialize the event in a manner analogous to the
   similarly-named method in the DOM Events interfaces. <a href=#refsDOMEVENTS>[DOMEVENTS]</a></p>
@@ -72578,9 +72595,11 @@
   stated) and is not cancelable (except where otherwise stated), and
   which uses the <code><a href=#streamevent>StreamEvent</a></code> interface with the <code title=dom-StreamEvent-stream><a href=#dom-streamevent-stream>stream</a></code> attribute set to <var title="">stream</var>, must be dispatched at the given target.</p>
 
+  </div>
 
-  <h3 id=event-summary><span class=secno>9.7 </span>Event Summary</h3>
 
+  <h3 id=event-summary><span class=secno>9.8 </span>Event Summary</h3>
+
   <p class=XXX>...will add event summary for streams here...</p>
 
 </div>

Modified: source
===================================================================
--- source	2011-03-16 06:18:40 UTC (rev 5953)
+++ source	2011-03-16 07:10:11 UTC (rev 5954)
@@ -82649,6 +82649,8 @@
 
 
 
+  <div class="impl">
+
   <h3>The data stream</h3>
 
   <p>All <code>PeerConnection</code> connections include a <dfn>data
@@ -82810,7 +82812,19 @@
   title="concept-task">task</span> is the <span>networking task
   source</span>.</p>
 
+  </div>
 
+
+  <h3>Security considerations</h3>
+
+  <p>A <span>data UDP media stream</span> is encrypted, but that does
+  not solve all security problems. In particular, <strong>replay
+  attacks</strong> are possible. Scripts for which this would be a
+  problem should give each packet a unique identifier and refuse to
+  process the same packet twice.</p>
+
+
+
   <h3>Event definitions</h3>
 
   <p>The <code title="event-stream-addstream">addstream</code> and
@@ -82822,6 +82836,8 @@
   void <span title="dom-CloseEvent-initCloseEvent">initCloseEvent</span>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in <span>Stream</span> streamArg);
 };</pre>
 
+  <div class="impl">
+
   <p>The <dfn
   title="dom-StreamEvent-initStreamEvent"><code>initStreamEvent()</code></dfn>
   method must initialize the event in a manner analogous to the
@@ -82841,7 +82857,9 @@
   title="dom-StreamEvent-stream">stream</code> attribute set to <var
   title="">stream</var>, must be dispatched at the given target.</p>
 
+  </div>
 
+
   <h3>Event Summary</h3>
 
   <p class="XXX">...will add event summary for streams here...</p>



