Re: [rtcweb] Security issue: initial consent

Matthew Kaufman <matthew.kaufman@skype.net> Thu, 27 October 2011 23:44 UTC


On 10/28/11 12:39 AM, Hadriel Kaplan wrote:
> ...
>    Heck, we could even mandate using a new TCP header option to be reflected by the other side, similar to the TCP Timestamp option, but put a random number in it.
>

Again, the STUN connectivity test used by ICE does more than simply 
prove that the far end got the packet and can reflect it back. The 
reflection isn't even done unless the long-term credentials are valid.

Matthew Kaufman
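To show concretely what an ICE connectivity check verifies beyond a plain reflection, here is an added example (my own code, not from this thread) that builds a minimal STUN Binding Request carrying USERNAME and an HMAC-SHA1 MESSAGE-INTEGRITY attribute, and a responder-side check that refuses to answer unless the integrity attribute validates under the expected ICE password. Attribute types and the header layout follow RFC 5389; the username, password and transaction ID are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
ATTR_USERNAME = 0x0006
ATTR_MESSAGE_INTEGRITY = 0x0008


def _attr(atype, value):
    """TLV-encode one STUN attribute, padding the value to a 4-byte boundary."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * pad


def build_binding_request(username, password, txid=None):
    """Build a Binding Request whose MESSAGE-INTEGRITY is keyed on `password`."""
    txid = txid or os.urandom(12)
    body = _attr(ATTR_USERNAME, username.encode())
    # The HMAC covers the header with the length field already counting the
    # 24-byte MESSAGE-INTEGRITY attribute, plus all attributes before it.
    header = struct.pack("!HHI12s", BINDING_REQUEST, len(body) + 24, MAGIC_COOKIE, txid)
    mac = hmac.new(password.encode(), header + body, hashlib.sha1).digest()
    return header + body + _attr(ATTR_MESSAGE_INTEGRITY, mac)


def verify_binding_request(msg, password):
    """Return True only if the request has a MESSAGE-INTEGRITY attribute that
    validates under `password`; a responder must not reply otherwise."""
    if len(msg) < 20:
        return False
    mtype, mlen, cookie, txid = struct.unpack("!HHI12s", msg[:20])
    if mtype != BINDING_REQUEST or cookie != MAGIC_COOKIE or len(msg) != 20 + mlen:
        return False
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if atype == ATTR_MESSAGE_INTEGRITY:
            if alen != 20:
                return False
            # Recompute over the header (length adjusted to end at this
            # attribute) and every attribute that precedes it.
            header = struct.pack("!HHI12s", mtype, pos + 24 - 20, cookie, txid)
            expected = hmac.new(password.encode(), header + msg[20:pos], hashlib.sha1).digest()
            return hmac.compare_digest(expected, value)
        pos += 4 + alen + ((-alen) % 4)
    return False  # no integrity attribute at all: unauthenticated, do not reflect
```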