[guardian-dev] WebRTC
Michael Rogers
michael at briarproject.org
Wed Aug 7 09:53:42 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/08/13 13:27, Timur Mehrvarz wrote:
> I can now demonstrate how WebRTC traffic can be
> redirected/relayed/forwarded (not using ICE/TURN) so it becomes
> impossible for clients to discover each others IP addresses etc.,
> while still using WebRTC end-to-end encryption.
> http://mehrvarz.github.io/rtcchat2/#relayed
"Starting a session, both browsers will send their SDP (Session
Description Protocol) "offers" and "answers" over HTTPS to the rtc
chat rendezvous service. To establish a relayed WebRTC communication
link, the rendezvous service will modify the SDP data on the fly."
It worries me that the clients don't detect this modification! Isn't
there any end-to-end integrity checking in SDP?
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJSAlFmAAoJEBEET9GfxSfMuZoH/07ce++2lfPftodoLjq8GOod
J6AY2MUIfbBCoXtWuWmMM1rF3XFFiPne09Q8fJbjlMOrSC8oftjFGo0XWsbX7LbO
I6tXcivgayWg5KH4zx62Gm1ue2rHKGIlXf5VwJ4Xei41R6O2pXskngfAeZmlvESg
i3uAAzydEJkcl8tSY+u5Pwqj/nmcJVZ1/vi6+e/TWBOtwXaAduN+gEOI0qTsE+3n
610+oIGs+Gw60oexbKC4s3gk1M068SuDEE0EareLAS0I+mjZqTHql3HELKIoCBy3
voN3IiyVU5rgJHoUml3zQgDfkpWKu4HDtjoBorV9aa6SEfqkGHOz2GSBphgYgPs=
=5soK
-----END PGP SIGNATURE-----
More information about the Guardian-dev
mailing list