[whatwg] PeerConnection: encryption feedback

Fri Mar 18 20:28:28 PDT 2011

On Fri, 18 Mar 2011, Glenn Maynard wrote:
> 
> It's possible that ICE doesn't actually negotiate this securely, since 
> the STUN server itself is untrusted.  Do you (or anyone else) know if 
> STUN negotiation is secure under these circumstances?  Or do you think 
> it doesn't matter?

The other ICE peer, the STUN server, the TURN server (if any), and the 
signaling channel are all under the control of the attacker in a worst 
case scenario (the user being directed to a hostile or hijacked site). The 
attacker essentially has perfect knowledge; the only thing we can add that 
the attacker doesn't know is a random number with each packet.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'