[rtcweb] #6: Section 4.2.2

"rtcweb issue tracker" <trac+rtcweb@trac.tools.ietf.org> Sat, 16 February 2013 22:01 UTC

#6: Section 4.2.2

 [Note:  current thinking in the RTCWEB WG is not to support TCP and to
 support SCTP over DTLS, thus removing the need for masking.]

 [BA] This section seems somewhat "overtaken by events" given that the data
 channel will run over DTLS. How about the following?

 4.2.2. Masking

    Once consent is verified, there still is some concern about
    misinterpretation attacks as described by Huang et al. [huang-w2sp].
    Where TCP is used the risk is substantial due to the potential
    presence of transparent proxies and therefore if TCP is to be used,
    then WebSockets style masking MUST be employed.

    Since DTLS (with the anti-chosen plaintext mechanisms required by
    TLS 1.1) does not allow the attacker to generate predictable
    ciphertext, there is no need for masking of protocols running over
    DTLS (e.g. SCTP over DTLS, UDP over DTLS, etc.).

-- 
-------------------------------------+-------------------------------------
 Reporter:                           |      Owner:  draft-ietf-rtcweb-
  bernard_aboba@hotmail.com          |  security@tools.ietf.org
     Type:  defect                   |     Status:  new
 Priority:  major                    |  Milestone:  milestone1
Component:  security                 |    Version:  1.0
 Severity:  In WG Last Call          |   Keywords:
-------------------------------------+-------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/rtcweb/trac/ticket/6>
rtcweb <http://tools.ietf.org/rtcweb/>
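
The "WebSockets style masking" named in the proposed text is the client-to-server masking of RFC 6455, Section 5.3. The Python sketch below is an added example, not part of the ticket or the draft: it frames and unframes a masked message and shows that sender-chosen bytes no longer appear verbatim on the wire. The sample payload, the host name `cache.example` and the helper `looks_like_http` are constructed for illustration.

```python
import os
import struct

def mask_payload(key, payload):
    """RFC 6455 section 5.3: octet i is XORed with key[i % 4]; self-inverse."""
    if len(key) != 4:
        raise ValueError("masking key must be 4 bytes")
    return bytes(b ^ key[i % 4] for i, b in enumerate(payload))

def build_client_frame(payload, key=None):
    """One unfragmented binary frame (FIN=1, opcode 0x2) with the MASK bit set."""
    # A fresh, unpredictable key per frame is what denies the sender control
    # over the bytes an intermediary sees.
    key = os.urandom(4) if key is None else key
    n = len(payload)
    if n < 126:
        header = bytes([0x82, 0x80 | n])
    elif n < 1 << 16:
        header = bytes([0x82, 0x80 | 126]) + struct.pack("!H", n)
    else:
        header = bytes([0x82, 0x80 | 127]) + struct.pack("!Q", n)
    return header + key + mask_payload(key, payload)

def parse_client_frame(frame):
    """Receiver side: refuse unmasked client frames, then unmask."""
    if len(frame) < 2 or not frame[1] & 0x80:
        raise ValueError("client frame is not masked")
    n, off = frame[1] & 0x7F, 2
    if n == 126:
        (n,) = struct.unpack_from("!H", frame, off)
        off += 2
    elif n == 127:
        (n,) = struct.unpack_from("!Q", frame, off)
        off += 8
    body = frame[off + 4:off + 4 + n]
    if len(body) != n:
        raise ValueError("truncated frame")
    return mask_payload(frame[off:off + 4], body)

# Constructed sample: application data shaped like an HTTP request line.
CHOSEN = b"GET /resource HTTP/1.1\r\nHost: cache.example\r\n\r\n"

def looks_like_http(wire):
    """What a naive transparent proxy would key on: a request method on the wire."""
    return b"GET " in wire

if __name__ == "__main__":
    print("unmasked:", looks_like_http(CHOSEN))
    print("masked:  ", looks_like_http(build_client_frame(CHOSEN)))
    print("roundtrip ok:", parse_client_frame(build_client_frame(CHOSEN)) == CHOSEN)
```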