Re: [rtcweb] I-D Action: draft-ietf-rtcweb-security-00.txt
Eric Rescorla <ekr@rtfm.com> Thu, 22 September 2011 14:06 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE7F221F8CBF for <rtcweb@ietfa.amsl.com>; Thu, 22 Sep 2011 07:06:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.907
X-Spam-Level:
X-Spam-Status: No, score=-102.907 tagged_above=-999 required=5 tests=[AWL=0.070, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FRNHysQ9+S13 for <rtcweb@ietfa.amsl.com>; Thu, 22 Sep 2011 07:06:13 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id DD4CA21F8C9D for <rtcweb@ietf.org>; Thu, 22 Sep 2011 07:06:12 -0700 (PDT)
Received: by wyh21 with SMTP id 21so855921wyh.31 for <rtcweb@ietf.org>; Thu, 22 Sep 2011 07:08:43 -0700 (PDT)
Received: by 10.227.3.15 with SMTP id 15mr714873wbl.33.1316700523230; Thu, 22 Sep 2011 07:08:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.227.151.205 with HTTP; Thu, 22 Sep 2011 07:08:23 -0700 (PDT)
In-Reply-To: <4E7B2DDB.903@ericsson.com>
References: <20110922075433.17483.59128.idtracker@ietfa.amsl.com> <4E7B2DDB.903@ericsson.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 22 Sep 2011 07:08:23 -0700
Message-ID: <CABcZeBNz9kEHnDeZOUSqB4P9pf9OVP57h-it59PqegVnV9+dCQ@mail.gmail.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-security-00.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Sep 2011 14:06:13 -0000
Thanks. for pointing these out. I will add them to my TODO list to write up. On Thu, Sep 22, 2011 at 5:45 AM, Magnus Westerlund <magnus.westerlund@ericsson.com> wrote: > Hi EKR, > > (As an individual) > > Thanks for posting the draft. > > I am missing a few security issues that I think should be considered. > > 1. The attempt to overload the links in an domain by concentrating > traffic on the domain by choosing peer-pairs. Not that I think there is > any real protection against this other than limit the flows to their > "fair" share. > > 2. Configuring RTCP or other automatically sent traffic to high > bit-rates. Especially under conditions where continued consent can't be > determined. > > Cheers > > Magnus Westerlund > > ---------------------------------------------------------------------- > Multimedia Technologies, Ericsson Research EAB/TVM > ---------------------------------------------------------------------- > Ericsson AB | Phone +46 10 7148287 > Färögatan 6 | Mobile +46 73 0949079 > SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com > ---------------------------------------------------------------------- > >
- [rtcweb] I-D Action: draft-ietf-rtcweb-security-0… internet-drafts
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-securi… Eric Rescorla
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-securi… Magnus Westerlund