Closed
Bug 825515
Opened 13 years ago
Closed 12 years ago
WEBRTC a=crypto SDP
Categories
(Core :: WebRTC: Networking, defect)
RESOLVED
INVALID
People
(Reporter: cybermkk, Assigned: ekr)
Details
(Whiteboard: [WebRTC] [blocking-webrtc-])
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:20.0) Gecko/20121228 Firefox/20.0
Build ID: 20121228030811
Steps to reproduce:
Create offer with WEBRTC mozRTCPeerConnection:
pc.createOffer(function (offer) {
  // This line prints the generated SDP
  log("Created offer" + JSON.stringify(offer));
  pc.setLocalDescription(offer, function () {
    // ...
  });
});
Actual results:
SDP was created without an a=crypto tag.
v=0
o=Mozilla-SIPUA 9899 0 IN IP4 0.0.0.0
s=SIP Call
t=0 0
a=ice-ufrag:b3de65be
a=ice-pwd:c5e2abb556e29dd9b0481835a728ae4a
a=fingerprint:sha-256 68:25:70:72:AA:87:63:4B:51:84:43:11:FF:93:67:FF:B6:E6:B8:9D:F6:55:ED:55:98:8B:EE:9B:A6:39:60:B7
m=audio 59608 RTP/SAVPF 109 0 8 101
c=IN IP4 ...
a=rtpmap:109 opus/48000/2
a=ptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=candidate:0 1 UDP 2111832319 ... 61851 typ host
a=candidate:1 1 UDP 1692467199 ... 59608 typ srflx raddr ... rport 61851
a=candidate:0 2 UDP 2111832318 ... 61852 typ host
a=candidate:1 2 UDP 1692467198 ... 52894 typ srflx raddr 10.7.6.45 rport 61852
m=video 55730 RTP/SAVPF 120
c=IN IP4 193.104.236.1
a=rtpmap:120 VP8/90000
a=sendrecv
a=candidate:0 1 UDP 2111832319 ... 61853 typ host
a=candidate:1 1 UDP 1692467199 ... 55730 typ srflx raddr ... rport 61853
a=candidate:0 2 UDP 2111832318 ... 61854 typ host
a=candidate:1 2 UDP 1692467198 ... 56390 typ srflx raddr ... rport 61854
m=application 55059 SCTP/DTLS 5000
c=IN IP4 ...
a=fmtp:5000 protocol=webrtc-datachannel;streams=16
a=sendrecv
a=candidate:0 1 UDP 2111832319 ... 61855 typ host
a=candidate:1 1 UDP 1692467199 ... 55059 typ srflx raddr ... rport 61855
a=candidate:0 2 UDP 2111832318 ... 61856 typ host
a=candidate:1 2 UDP 1692467198 ... 56301 typ srflx raddr ... rport 61856
Expected results:
An a=crypto tag should be added to the SDP.
Like the example Google Chrome creates:
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:HPBEDr+FSuj9rFjUsPCD6OS+3XQ2WAyEhxIE9FW3
Comment 1•13 years ago
a=crypto is SDES key exchange, which has not been adopted by the IETF rtcweb working group. The approved keying mechanism is DTLS-SRTP, which Chrome is switching to, and which Firefox is using. SDES is trivially MITM-attacked by any server (or the JS code itself if it isn't trusted), since the keys are provided "in the clear" to the JS and any server.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Component: Untriaged → WebRTC: Networking
Product: Firefox → Core
QA Contact: jsmith
Resolution: --- → WONTFIX
Thank you for the answer.
In the SDP it looks like you support only sha254 fingerprint for now; is Chrome also switching to sha256?
Or will you support sha1 too, or any other variant of SHA2? Is this issue cleared? I found only SHA1 fingerprints in IETF draft examples and some reference to Google using the SHA224 variant.
Is this clear and do you know when chrome will switch to DTLS?
Regards
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
Updated•13 years ago
Assignee: nobody → ekr
Comment 3•13 years ago
(In reply to Mike from comment #2)
> Thank you for the answer.
> In SDP looks like you support only sha254 fingerprint for now is Chrome also
> switching to sha256?
We generate sha-256 but I believe we accept all the SHA variants.
> Or will you support the sha1 too or any other variant of SHA2, is this issue
> cleared. I found only SHA1 fingerprint in IETF draft examples and some
> reference of google using SHA224 variant.
> Is this clear and do you know when chrome will switch to DTLS?
Chrome DTLS support is in progress.
Most of it has landed, but it's not entirely done yet.
http://code.google.com/p/webrtc/issues/detail?id=465
Updated•13 years ago
Whiteboard: [WebRTC] [blocking-webrtc-]
(In reply to Eric Rescorla (:ekr) from comment #3)
> (In reply to Mike from comment #2)
> > Thank you for the answer.
> > In SDP looks like you support only sha254 fingerprint for now is Chrome also
> > switching to sha256?
>
> We generate sha-256 but I believe we accept all the SHA variants.
>
>
> > Or will you support the sha1 too or any other variant of SHA2, is this issue
> > cleared. I found only SHA1 fingerprint in IETF draft examples and some
> > reference of google using SHA224 variant.
> > Is this clear and do you know when chrome will switch to DTLS?
>
> Chrome DTLS support is in progress.
> Most of it has landed, but it's not entirely done yet.
>
> http://code.google.com/p/webrtc/issues/detail?id=465
Comment 5•12 years ago
The RTCWEB working group recently declared consensus on disallowing the use of SDES. We cannot implement this functionality and remain compliant with the specifications. Closing this bug accordingly.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago → 12 years ago
Resolution: --- → INVALID
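Comments 1 and 5 distinguish SDES keying (a=crypto, key carried in the signaling) from DTLS-SRTP (a=fingerprint), and comment 3 mentions the fingerprint hash variants. The following is an added example, not code from Firefox or from this bug: a check that classifies each media section of an SDP and accepts an offer only when every section is keyed by DTLS. The function names, the digest-length table and the sample offers are assumptions constructed for illustration.

```javascript
// Digest lengths in bytes for the SHA-family fingerprint hash names of RFC 4572.
const HASH_LEN = { "sha-1": 20, "sha-224": 28, "sha-256": 32, "sha-384": 48, "sha-512": 64 };

function parseFingerprint(value) {
  const [hash, hex] = value.trim().split(/\s+/);
  const bytes = hex ? hex.split(":") : [];
  const name = (hash || "").toLowerCase();
  // Unknown hash names give HASH_LEN[name] === undefined, so they fail here.
  const wellFormed = bytes.length === HASH_LEN[name] &&
    bytes.every((b) => /^[0-9A-Fa-f]{2}$/.test(b));
  return { hash: name, wellFormed };
}

function classifySdpKeying(sdp) {
  const sections = [];
  let sessionFp = null; // a=fingerprint before the first m= line applies to all media
  let current = null;
  for (const raw of sdp.split(/\r?\n/)) {
    const line = raw.trim();
    if (line.startsWith("m=")) {
      const [media, , proto] = line.slice(2).split(" ");
      current = { media, proto, sdes: false, fingerprint: sessionFp };
      sections.push(current);
    } else if (line.startsWith("a=fingerprint:")) {
      const fp = parseFingerprint(line.slice("a=fingerprint:".length));
      if (current) current.fingerprint = fp; else sessionFp = fp;
    } else if (line.startsWith("a=crypto:") && current) {
      current.sdes = true; // SRTP key carried inline in the signaling (media-level only)
    }
  }
  return sections.map((s) => ({
    media: s.media,
    proto: s.proto,
    keying: s.sdes ? "sdes" : s.fingerprint && s.fingerprint.wellFormed ? "dtls" : "none",
    hash: s.fingerprint ? s.fingerprint.hash : null,
  }));
}

// Policy check: every media section must be keyed by DTLS, never by SDES.
function acceptsOffer(sdp) {
  const sections = classifySdpKeying(sdp);
  return sections.length > 0 && sections.every((s) => s.keying === "dtls");
}

// Constructed sample offers; the fingerprint is the one shown in this report's SDP.
const FP = "68:25:70:72:AA:87:63:4B:51:84:43:11:FF:93:67:FF:B6:E6:B8:9D:F6:55:ED:55:98:8B:EE:9B:A6:39:60:B7";
const DTLS_OFFER = `v=0\r\na=fingerprint:sha-256 ${FP}\r\nm=audio 59608 RTP/SAVPF 109\r\nm=video 55730 RTP/SAVPF 120\r\n`;
const SDES_OFFER = "v=0\r\nm=audio 59608 RTP/SAVPF 109\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY\r\n";
```

A section that carries both a=crypto and a fingerprint is still reported as "sdes", so a mixed offer is rejected rather than silently accepted.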