On 13.06.14, 21:33, Philipp Hancke wrote:
Am 13.06.2014 14:02, schrieb Emil Ivov:
Hey Marcel,
Congrats for the release.
same here, ^5 Klaus!
One question
On 12.06.14, 18:40, Marcel Waldvogel wrote:
* End-to-end encrypted audio and video calls from Firefox and Chrome
without plugin
Is this referring to WebRTC's use of DTLS-SRTP? Because, if so,
"end-to-end" is a bit misleading given that today's implementation of
DTLS-SRTP there is vulnerable to to MitM attacks from the service
provider.
Well, it's end-to-end. It's not end-to-end with authenticated peers.
Sure but isn't that a core promise of and what's really meant by
end-to-end? Without that constraint SDES would also qualify.
Quoting wikipedia:
"The intention of end-to-end encryption is to prevent intermediaries,
such as Internet providers or application service providers, from being
able to discover or tamper with the content of communications. "
There's currently no such protection in WebRTC's current DTLS-SRTP
implementation.
Emil
--
https://jitsi.org
_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
