[whatwg] PeerConnection: encryption feedback
Matthew Kaufman
matthew at matthew.at
Wed Mar 23 17:13:01 PDT 2011
On 3/23/2011 3:17 PM, Harald Alvestrand wrote:
> Is there really an advantage to not using SRTP and reusing the RTP
> format for the data messages?
I'd go one further... why not DTLS-SRTP for the media and DTLS with some
other header shim for the data messages?
In particular, there are significant security advantages to end-to-end
keying rather than transmitting keys over the signaling channel.
> This is a well-known and well-analyzed encryption format, with
> reasonably known security properties and library support (from
> libraries that already have to be included in order to support
> audio/video).
Also agree here. Let's not re-invent something that's been invented *and*
analyzed.
>
> I also fail to see the requirement for the masking, given that the
> requirement for ICE (at least once the bug of not using passwords in
> ICE is fixed) protects against cross-socket attacks.
>
Also agree. The STUN connectivity check message in ICE is sufficient to
prove that the far end wants the data... masking to avoid proxies is a
non-issue for this channel.
Matthew Kaufman
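As an added illustration (not code from the thread or from any WebRTC implementation), the ICE connectivity check the message relies on: a STUN Binding request carrying a MESSAGE-INTEGRITY attribute, an HMAC-SHA1 keyed with the peer's ice-pwd, so a packet arriving on a socket from a sender that never received the signaled password fails verification. Field layout follows RFC 5389; the ufrag/pwd values are constructed, and the optional FINGERPRINT attribute is left out.

```python
import hashlib
import hmac
import os
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
ATTR_USERNAME = 0x0006
ATTR_MESSAGE_INTEGRITY = 0x0008


def _attr(attr_type, value):
    # STUN TLV: 16-bit type, 16-bit value length, value padded to 4 bytes.
    pad = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def build_connectivity_check(local_ufrag, remote_ufrag, remote_pwd, txid=None):
    """Binding request as the sender of an ICE check would build it."""
    txid = txid or os.urandom(12)
    # USERNAME is "<their ufrag>:<our ufrag>"; the HMAC key is THEIR ice-pwd.
    username = _attr(ATTR_USERNAME, f"{remote_ufrag}:{local_ufrag}".encode())
    # Header length must already count the 24-byte MESSAGE-INTEGRITY attribute
    # that is appended after the HMAC is computed (RFC 5389 section 15.4).
    header = struct.pack("!HHI12s", BINDING_REQUEST,
                         len(username) + 24, MAGIC_COOKIE, txid)
    mac = hmac.new(remote_pwd.encode(), header + username, hashlib.sha1).digest()
    return header + username + _attr(ATTR_MESSAGE_INTEGRITY, mac)


def verify_connectivity_check(msg, local_pwd):
    """True iff MESSAGE-INTEGRITY was keyed with our ice-pwd and covers the message."""
    if len(msg) < 20 or struct.unpack("!I", msg[4:8])[0] != MAGIC_COOKIE:
        return False
    msg_type, length = struct.unpack("!HH", msg[:4])
    if msg_type != BINDING_REQUEST or length + 20 != len(msg):
        return False
    offset = 20
    while offset + 4 <= len(msg):
        attr_type, attr_len = struct.unpack("!HH", msg[offset:offset + 4])
        if attr_type == ATTR_MESSAGE_INTEGRITY:
            if attr_len != 20:
                return False
            # HMAC covers everything before this attribute (no FINGERPRINT here,
            # so the header length needs no adjustment).
            expected = hmac.new(local_pwd.encode(), msg[:offset], hashlib.sha1).digest()
            received = msg[offset + 4:offset + 24]
            return hmac.compare_digest(expected, received)
        offset += 4 + attr_len + ((-attr_len) % 4)
    return False  # no MESSAGE-INTEGRITY at all: treat as unauthenticated
```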