Re: [rtcweb] security-arch: 6.4.1 PeerConnection Origin Check

Michael Procter <michael@voip.co.uk> Wed, 23 July 2014 01:43 UTC

Return-Path: <michael@voip.co.uk>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AAD41A0164 for <rtcweb@ietfa.amsl.com>; Tue, 22 Jul 2014 18:43:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.579
X-Spam-Level:
X-Spam-Status: No, score=-3.579 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t4mikW28nU8s for <rtcweb@ietfa.amsl.com>; Tue, 22 Jul 2014 18:43:07 -0700 (PDT)
Received: from mail-wg0-f41.google.com (na3sys009aog127.obsmtp.com [74.125.149.107]) by ietfa.amsl.com (Postfix) with SMTP id B04441A0151 for <rtcweb@ietf.org>; Tue, 22 Jul 2014 18:43:06 -0700 (PDT)
Received: from mail-wg0-f41.google.com ([74.125.82.41]) (using TLSv1) by na3sys009aob127.postini.com ([74.125.148.12]) with SMTP ID DSNKU88TKnwM4sw1ozxEbQIToK4n2mDOVgyF@postini.com; Tue, 22 Jul 2014 18:43:06 PDT
Received: by mail-wg0-f41.google.com with SMTP id z12so451621wgg.24 for <rtcweb@ietf.org>; Tue, 22 Jul 2014 18:43:04 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=xAaHMljovEWqSoCcQ3RMtp8kWeSYBHzVkq944fPG3Eo=; b=XWAnQ1CGE02hGejBdywgxqzvnY5g//GV7kFxVAwcz2wiSdMqBbi1qsowWnANBiHDVW maP8t+hPpv2pR4ZI247Q+3/0wXfN6DKoEdfhq9CqkFGqFKJX8vZzscu1E+JKy0lJc6fC Z66vVluj3Jr/xnmUEPL7Wu7AqdWscUyGfDJ9A8Gk2HzhyXbRiuaVvlNPynI4B/LKUS9I kh1aDyk67UnOwZYd2GqrVI/N/GxIGJU9sqhjKCo4p0rEOsQlL9CzwfwEJ5U8zPCm8J4U 8XPEpAwBzvqvR1RPAi5VhiS8YOYJrC9ThkrKKAAVjp2U9nVTI5nMzVpoRUCZOJmAUPlv bntw==
X-Gm-Message-State: ALoCoQl3XyFLr48Y3SSzkZ63TsKyTe2B7V1+FM88DAwbxEFJ02d5jQlEyy0jCtEoU6UuMHUMk62CetO9dFYstwFgzeWycvx7sVa4ylFMBJEjB47ByCo9H3uJOvmhzam2UdltrfkYWqG3
X-Received: by 10.180.19.200 with SMTP id h8mr20449482wie.32.1406079784632; Tue, 22 Jul 2014 18:43:04 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.180.19.200 with SMTP id h8mr20449474wie.32.1406079784530; Tue, 22 Jul 2014 18:43:04 -0700 (PDT)
Received: by 10.194.60.178 with HTTP; Tue, 22 Jul 2014 18:43:04 -0700 (PDT)
In-Reply-To: <CABkgnnWZp1Ad9vPnR6h3+m5P7p-FaqVAXWSKq8_EjzYV4jjj9g@mail.gmail.com>
References: <CAPms+wQPirBi1utnMjrScMk_U7_6x6qK+mC_6ZV054rYsNnwTg@mail.gmail.com> <CABkgnnWZp1Ad9vPnR6h3+m5P7p-FaqVAXWSKq8_EjzYV4jjj9g@mail.gmail.com>
Date: Tue, 22 Jul 2014 21:43:04 -0400
Message-ID: <CAPms+wTNCE9NpUc+4SLZe8pwON02ud-qTndfX3nGSOwZZsXQbQ@mail.gmail.com>
From: Michael Procter <michael@voip.co.uk>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/nJeEVvaEI-dleoE6G8wtJQdLTtc
Cc: "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Subject: Re: [rtcweb] security-arch: 6.4.1 PeerConnection Origin Check
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jul 2014 01:43:08 -0000

Pull request on github, issue 15.

On 22 July 2014 12:01, Martin Thomson <martin.thomson@gmail.com> wrote:
> On 21 July 2014 16:51, Michael Procter <michael@voip.co.uk> wrote:
>>
>>    Fundamentally, the IdP proxy is just a piece of JS loaded by
>>    the browser, so nothing stops a Web attacker from creating their
>>    own IFRAME, loading the IdP proxy JS, and requesting a
>>    signature.  In order to prevent this attack, we require that communication
>>    with the IdP proxy be via a MessageChannel in a way that cannot
>>    be emulated by hostile JS.  This is discussed in section 8.2.1 of
>> [webrtc-api].
>
>
> I'm having a hard time finding a fault with your suggestions Michael.
> This is great, thanks.