[RTW] Summary of Alternatives for media keying
Mark Nottingham
mnot at mnot.net
Tue Jul 26 20:17:29 CEST 2011
I thought this list was dead...
On 26/07/2011, at 7:14 AM, Eric Rescorla wrote:
> On Tue, Jul 26, 2011 at 7:00 AM, Bernard Aboba
> <bernard_aboba at hotmail.com> wrote:
>> Given this, there will probably be a practical need for RTCWEB to be able to
>> support
>> multiple media keying solutions. However, having to support multiple
>> solutions
>> natively is not a very appealing prospect. Therefore it would be a (more?)
>> useful
>> discussion to talk about the breakdown of functionality between native and
>> javascript.
>
> This was covered fairly extensively in Alan's, Matthew's, and my
> respective documents,
> and in Alan's and my presentations at the interim.
>
> If you wish to have a system which can even in principle be secure
> against attack by
> the calling site, you need to have more or less the entire key
> exchange implementation
> and SRTP implementation in the browser, not in the JS. Moroever, as
> Alan and Matthew
> have observed, the implementation must allow the users to have direct access
> (unmediated by the JS) to enough keying material to verify peer
> identity (presuming
> they have some secure channel with which to do so).
>
> -Ekr
> _______________________________________________
> RTC-Web mailing list
> RTC-Web at alvestrand.no
> http://www.alvestrand.no/mailman/listinfo/rtc-web
--
Mark Nottingham http://www.mnot.net/
More information about the RTC-Web
mailing list