At Thu, 31 Jul 2008 20:54:43 -0400, Hadriel Kaplan wrote: > > > > > -----Original Message----- > > From: Eric Rescorla [mailto:[EMAIL PROTECTED] > > > > Funny you should mention that. > > > > It's becoming increasingly clear that VBR codecs leak a fair > > amount of information, even when they are encrypted [WBC+08]. > > So, if, for instance, you were planning to use a fixed-rate > > codec and an attacker could force you into a VBR codec, that > > might leak information. > > Fascinating paper. (truly) But it sounds more like just a reason to > fix SRTP for VBR, through random padding or whatever.
I haven't studied the problem, but I suspect random padding is of limited use because it averages out. Probably better to use a fixed length codec. However, I think focusing on that misses the larger point: the UAC and UAS have certain desires as expressed in the messages/SDP To the extent to which we allow the intermediaries to change those messages, we need to carefully analyze each instance, and this analysis may actually depend on facts yet to be discovered. -Ekr _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
