This forum is in archive mode. You will not be able to post new content.

Author Topic: Keep the NSA out of WebRTC  (Read 869 times)

0 Members and 1 Guest are viewing this topic.

Offline kenjoe41

  • Symphorophiliac Programmer
  • Administrator
  • Baron
  • *
  • Posts: 990
  • Cookies: 224
    • View Profile
Keep the NSA out of WebRTC
« on: June 09, 2013, 05:45:39 PM »
The upcoming standard for real time communications on the web, WebRTC, currently makes DTLS mandatory to implement: All communications will be encrypted at all times with ephemerally keyed encryption. With DTLS-SRTP content interception will always be _possible_ to detect (e.g. by comparing session IDs) and when coupled with something like Persona (BrowserID) MITM becomes infesable.  This is a massive step forward from today's Internet: Even where we have encryption it's almost user to service, not user to user and even that can usually be defeated by a downgrading attack.
« Last Edit: June 09, 2013, 05:48:15 PM by kenjoe41 »
If you can't explain it to a 6 year old, you don't understand it yourself.[<NgGw/hsq]>EvbQrOrousk[/img]


Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.