On 3/23/2011 3:17 PM, Harald Alvestrand wrote:
Is there really an advantage to not using SRTP and reusing the RTP format for the data messages?

I'd go one further... why not DTLS-SRTP for the media and DTLS with some other header shim for the data messages?

In particular, there are significant security advantages to end-to-end keying rather than transmitting keys over the signaling channel.

This is a well-known and well-analyzed encryption format, with reasonably known security properties and library support (from libraries that already have to be included in order to support audio/video).

Also agree here. Let's not re-invent something that's been invented *and* analyzed.


I also fail to see the requirement for the masking, given that the requirement for ICE (at least once the bug of not using passwords in ICE is fixed) protects against cross-socket attacks.


Also agree. The STUN connectivity check message in ICE is sufficient to prove that the far end wants the data... masking to avoid proxies is a non-issue for this channel.

Matthew Kaufman
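As an added illustration of the point about ICE connectivity checks (not code from this thread or from any WebRTC implementation), the sketch below builds and verifies a STUN Binding request carrying USERNAME and MESSAGE-INTEGRITY, the short-term-credential mechanism of RFC 5389 that ICE uses. It assumes the receiving agent keeps a table of its own local ufrag/password pairs as handed out over signaling; the ufrag and password values are constructed, and FINGERPRINT, PRIORITY and the other ICE attributes are omitted to keep the focus on the integrity check. A check without MESSAGE-INTEGRITY, or one computed under the wrong password, is rejected, which is exactly why a packet arriving on the socket from some other party does not get the data.

```python
import hashlib
import hmac
import os
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
ATTR_USERNAME = 0x0006
ATTR_MESSAGE_INTEGRITY = 0x0008
HEADER_LEN = 20
MI_ATTR_LEN = 4 + 20  # attribute header + HMAC-SHA1 digest


def _attr(attr_type, value):
    """Encode one STUN attribute (TLV, value padded to a 4-byte boundary)."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def build_binding_request(username, password, transaction_id=None, sign=True):
    """Build a STUN Binding request like an ICE connectivity check.

    `username` is remote_ufrag:local_ufrag from the sender's view and
    `password` is the remote agent's password (RFC 5389 short-term credentials).
    With sign=False the request carries no MESSAGE-INTEGRITY, i.e. the
    'no passwords in ICE' bug mentioned in the thread.
    """
    if transaction_id is None:
        transaction_id = os.urandom(12)
    body = _attr(ATTR_USERNAME, username.encode())
    if not sign:
        header = struct.pack("!HHI", BINDING_REQUEST, len(body), MAGIC_COOKIE) + transaction_id
        return header + body
    # The length field must already count the MESSAGE-INTEGRITY attribute
    # that is about to be appended, even though the HMAC does not cover it.
    header = struct.pack("!HHI", BINDING_REQUEST, len(body) + MI_ATTR_LEN, MAGIC_COOKIE) + transaction_id
    mac = hmac.new(password.encode(), header + body, hashlib.sha1).digest()
    return header + body + _attr(ATTR_MESSAGE_INTEGRITY, mac)


def parse_attributes(msg):
    """Yield (type, offset_of_attribute, value) for each attribute in msg."""
    length = struct.unpack("!H", msg[2:4])[0]
    end = HEADER_LEN + length
    off = HEADER_LEN
    while off + 4 <= end:
        attr_type, attr_len = struct.unpack("!HH", msg[off:off + 4])
        value = msg[off + 4:off + 4 + attr_len]
        yield attr_type, off, value
        off += 4 + attr_len + ((-attr_len) % 4)


def verify_connectivity_check(msg, local_passwords):
    """Return the USERNAME if the check is authenticated, else None.

    `local_passwords` maps this agent's local ufrag to the password it
    advertised in signaling (constructed table; a real agent keys it per session).
    """
    if len(msg) < HEADER_LEN or struct.unpack("!I", msg[4:8])[0] != MAGIC_COOKIE:
        return None
    username = None
    for attr_type, off, value in parse_attributes(msg):
        if attr_type == ATTR_USERNAME:
            username = value.decode(errors="replace")
        elif attr_type == ATTR_MESSAGE_INTEGRITY:
            if username is None or len(value) != 20:
                return None
            # USERNAME is remote:local from the sender, so the first part is our ufrag
            password = local_passwords.get(username.split(":", 1)[0])
            if password is None:
                return None
            # Recompute the HMAC over the header (length rewritten to end at this
            # attribute) plus every attribute that precedes MESSAGE-INTEGRITY.
            hdr = msg[:2] + struct.pack("!H", off - HEADER_LEN + MI_ATTR_LEN) + msg[4:HEADER_LEN]
            expected = hmac.new(password.encode(), hdr + msg[HEADER_LEN:off], hashlib.sha1).digest()
            return username if hmac.compare_digest(expected, value) else None
    # No MESSAGE-INTEGRITY at all: the packet proves nothing about who sent it.
    return None


if __name__ == "__main__":
    creds = {"bUfrag": "bPassword"}  # constructed local credentials of agent B
    good = build_binding_request("bUfrag:aUfrag", "bPassword")
    print("genuine check:", verify_connectivity_check(good, creds))
    forged = build_binding_request("bUfrag:aUfrag", "guess")
    print("wrong password:", verify_connectivity_check(forged, creds))
    unsigned = build_binding_request("bUfrag:aUfrag", "bPassword", sign=False)
    print("no MESSAGE-INTEGRITY:", verify_connectivity_check(unsigned, creds))
```

The HMAC key is the password exchanged over signaling, so only a peer that saw the offer/answer can produce a check that verifies; a packet from anyone else on the same socket fails at the integrity check before any media or data is associated with that candidate pair.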
