[rtcweb] #6: Section 4.2.2
"rtcweb issue tracker" <trac+rtcweb@trac.tools.ietf.org> Sat, 16 February 2013 22:01 UTC
Return-Path: <trac+rtcweb@trac.tools.ietf.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25B0E21F854D for <rtcweb@ietfa.amsl.com>; Sat, 16 Feb 2013 14:01:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 076uVmLLm3uq for <rtcweb@ietfa.amsl.com>; Sat, 16 Feb 2013 14:01:42 -0800 (PST)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id 4C64321F854C for <rtcweb@ietf.org>; Sat, 16 Feb 2013 14:01:42 -0800 (PST)
Received: from localhost ([127.0.0.1]:53747 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+rtcweb@trac.tools.ietf.org>) id 1U6ppD-0004pz-AW; Sat, 16 Feb 2013 23:01:39 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: rtcweb issue tracker <trac+rtcweb@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-ietf-rtcweb-security@tools.ietf.org, bernard_aboba@hotmail.com
X-Trac-Project: rtcweb
Date: Sat, 16 Feb 2013 22:01:39 -0000
X-URL: http://tools.ietf.org/rtcweb/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/rtcweb/trac/ticket/6
Message-ID: <066.c56389e80a058971b7be30ae9f400693@trac.tools.ietf.org>
X-Trac-Ticket-ID: 6
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-ietf-rtcweb-security@tools.ietf.org, bernard_aboba@hotmail.com, rtcweb@ietf.org
X-SA-Exim-Mail-From: trac+rtcweb@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: ekr@rtfm.com
Resent-Message-Id: <20130216220142.4C64321F854C@ietfa.amsl.com>
Resent-Date: Sat, 16 Feb 2013 14:01:42 -0800
Resent-From: trac+rtcweb@trac.tools.ietf.org
Cc: rtcweb@ietf.org
Subject: [rtcweb] #6: Section 4.2.2
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Feb 2013 22:01:43 -0000
#6: Section 4.2.2 [Note: current thinking in the RTCWEB WG is not to support TCP and to support SCTP over DTLS, thus removing the need for masking.] [BA] This section seems somewhat "overtaken by events" given that the data channel will run over DTLS. How about the following? 4.2.2. Masking Once consent is verified, there still is some concern about misinterpretation attacks as described by Huang et al.[huang-w2sp]. Where TCP is used the risk is substantial due to the potential presence of transparent proxies and therefore if TCP is to be used, then WebSockets style masking MUST be employed. Since DTLS (with the anti-chosen plaintext mechanisms required by TLS 1.1) does not allow the attacker to generate predictable ciphertext, there is no need for masking of protocols running over DTLS (e.g. SCTP over DTLS, UDP over DTLS, etc.). -- -------------------------------------+------------------------------------- Reporter: | Owner: draft-ietf-rtcweb- bernard_aboba@hotmail.com | security@tools.ietf.org Type: defect | Status: new Priority: major | Milestone: milestone1 Component: security | Version: 1.0 Severity: In WG Last Call | Keywords: -------------------------------------+------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/rtcweb/trac/ticket/6> rtcweb <http://tools.ietf.org/rtcweb/>
- [rtcweb] #6: Section 4.2.2 rtcweb issue tracker