Summary: | NiceAgentRecvFunc invoked for data even when not coming from authenticated pairs | ||
---|---|---|---|
Product: | nice | Reporter: | Lorenzo Miniero <lminiero> |
Component: | General | Assignee: | Olivier CrĂȘte <olivier.crete> |
Status: | RESOLVED MOVED | QA Contact: | |
Severity: | normal | ||
Priority: | medium | CC: | zhixinx.liu |
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
i915 platform: | i915 features: |
Description
Lorenzo Miniero
2014-08-22 08:20:33 UTC
To the best of my understanding, ICE's security is intended for the short-lived negotation, and does not extend to the session itself. To guarantee session security, one would use something like SRTP. Yes, but we shouldn't be accepting data from un-authenticated peer. Last draft I checked, this was required by WebRTC, and is actually required by the ICE RFC. Migrated to Phabricator: http://phabricator.freedesktop.org/T104 |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.