Loop/Architecture/Fingerprint Validation: Difference between revisions

m (s/DLTS/DTLS)
Line 1: Line 1:


WebRTC's [https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-11#section-5.5 communications security model] works by way of a three-pronged model:
WebRTC's [https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-11#section-5.5 communications security model] works by way of a three-pronged model:
# All media is encrypted with SRTP-DLTS, which uses a DH exchange to establish media security. The negotiated DH keys are not exposed to content.
# All media is encrypted with SRTP-DTLS, which uses a DH exchange to establish media security. The negotiated DH keys are not exposed to content.
# To prevent active on-path attacks, DTLS fingerprint validation is performed by using a third-party signature, rooted in the web PKI, to authenticate the fingerprint. See [http://w3c.github.io/webrtc-pc/#sec.identity-proxy the WebRTC 1.0 Identity mechanism] for details.
# To prevent active on-path attacks, DTLS fingerprint validation is performed by using a third-party signature, rooted in the web PKI, to authenticate the fingerprint. See [http://w3c.github.io/webrtc-pc/#sec.identity-proxy the WebRTC 1.0 Identity mechanism] for details.
# To prevent in-content attacks, any streams for which fingerprint validation has been performed are "isolated" such that the content cannot be extracted by the webpage.
# To prevent in-content attacks, any streams for which fingerprint validation has been performed are "isolated" such that the content cannot be extracted by the webpage.
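
Review bot: In the revised first list item, the corrected text still reads "SRTP-DTLS", while the mechanism is conventionally named DTLS-SRTP (RFC 5764). Since this edit is already touching the acronym, consider writing "DTLS-SRTP" so that the term matches what readers will find in the specifications and in the linked security architecture draft. The same item says the exchange is "DH"; if the page means the DTLS handshake's key agreement in general, saying so would avoid implying a specific key-exchange suite.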