Contact emails...@chromium.org ExplainerNone
Specificationhttps://www.rfc-editor.org/rfc/rfc8826#section-4.3.1 Summary The SDES key exchange mechanism for WebRTC has been declared a MUST NOT in the relevant IETF standards since 2013. The SDES specification has been declared Historic by the IETF. Its usage in Chrome has declined significantly over the recent year. This intent is to deprecate and remove this code from Chromium and WebRTC. Blink componentBlink>WebRTC>Network <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebRTC%3ENetwork> Motivation The reason why SDES is deprecated is that it is a security problem: It exposes session keys to Javascript, which means that entities with access to the negotiation exchange, or with the ability to subvert the Javascript, can decrypt the media sent over the connection. Initial public proposal TAG review TAG review statusNot applicable Risks Interoperability and Compatibility Gecko: No signal WebKit: No signal Web developers: No signals Debuggability When this feature is removed, people attempting to set up such a connection will fail to do so. This should be easy to diagnose. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> ?No Flag name Requires code in //chrome?False Tracking bughttps://crbug.com/webrtc/11066 Estimated milestones Link to entry on the Chrome Platform Status https://www.chromestatus.com/feature/5695324321480704 This intent message was generated by Chrome Platform Status <https://www.chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOqqYVFNbzG24kGbRFT1sMAroU4ifwv%2BpkA0kU2vkmpHFSgDrQ%40mail.gmail.com.