Re: [rtcweb] Same location media

Roman Shpount <roman@telurix.com> Thu, 20 October 2011 16:48 UTC

Date: Thu, 20 Oct 2011 12:48:13 -0400
Message-ID: <CAD5OKxtwT3SH-4c_Sx-6u2ymT=CckngG018ZtDB=ZQ-aFZsiag@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Same location media

On Thu, Oct 20, 2011 at 12:30 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> Unless I'm confused, you get a similar check with ICE because the target
> needs not only to respond to STUN in general but also to STUN with
> particular credentials, which means that the target can enforce that only
> specific sites get those credentials.
>
>
You are right. It was me who was confused. With ICE it is even stricter,
since the per-call credentials are used. What I am concerned about is this:
is there a way to game those credentials (which can be sent by a malicious web
server) to allow the ICE check to succeed when used against a public STUN server
with known credentials?
_____________
Roman Shpount
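
The credential-bound STUN check discussed in this message, as an added example that is not part of the original post: a responder accepts a Binding request only when USERNAME matches and MESSAGE-INTEGRITY (RFC 5389 short-term credential, HMAC-SHA1 keyed with the password) verifies under the password it holds. The ufrag and password values are constructed, and the attributes ICE also requires (PRIORITY, FINGERPRINT and so on) and SASLprep are left out as a simplifying assumption.

```python
import hashlib, hmac, os, struct

MAGIC_COOKIE = 0x2112A442  # RFC 5389 magic cookie
BINDING_REQUEST, USERNAME, MESSAGE_INTEGRITY = 0x0001, 0x0006, 0x0008

def _attr(attr_type, value):
    """Encode one STUN attribute: type, length, value padded to 4 bytes."""
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * (-len(value) % 4)

def build_binding_request(username, password, txid=None):
    """Binding request carrying USERNAME and MESSAGE-INTEGRITY."""
    txid = txid or os.urandom(12)
    body = _attr(USERNAME, username.encode())
    # The length field must already count the MESSAGE-INTEGRITY attribute (4 + 20 bytes).
    header = struct.pack("!HHI", BINDING_REQUEST, len(body) + 24, MAGIC_COOKIE) + txid
    mac = hmac.new(password.encode(), header + body, hashlib.sha1).digest()
    return header + body + _attr(MESSAGE_INTEGRITY, mac)

def check_binding_request(msg, expected_username, password):
    """True only if USERNAME matches and the HMAC verifies under our own password."""
    if len(msg) < 20:
        return False
    msg_type, length, cookie = struct.unpack("!HHI", msg[:8])
    if msg_type != BINDING_REQUEST or cookie != MAGIC_COOKIE or len(msg) != 20 + length:
        return False
    pos, username = 20, None
    while pos + 4 <= len(msg):
        attr_type, attr_len = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + attr_len]
        if attr_type == USERNAME:
            username = value.decode(errors="replace")
        elif attr_type == MESSAGE_INTEGRITY:
            if attr_len != 20 or username != expected_username:
                return False
            # Recompute over the header (length ending at this attribute) and all prior attributes.
            header = msg[:2] + struct.pack("!H", pos + 4) + msg[4:20]
            mac = hmac.new(password.encode(), header + msg[20:pos], hashlib.sha1).digest()
            return hmac.compare_digest(mac, value)
        pos += 4 + attr_len + (-attr_len % 4)
    return False  # no MESSAGE-INTEGRITY: treat as unauthenticated

# Constructed sample credentials (not from the thread).
TARGET_USERNAME = "tgtU:brwU"              # remote-ufrag:local-ufrag
TARGET_PASSWORD = "target-per-call-password-01"

if __name__ == "__main__":
    req = build_binding_request(TARGET_USERNAME, TARGET_PASSWORD)
    print("sender holds target password:", check_binding_request(req, TARGET_USERNAME, TARGET_PASSWORD))
    bad = build_binding_request(TARGET_USERNAME, "password-chosen-by-someone-else")
    print("sender holds other password: ", check_binding_request(bad, TARGET_USERNAME, TARGET_PASSWORD))
```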