Status

defect
RESOLVED INVALID
7 years ago
6 years ago

People

(Reporter: cybermkk, Assigned: ekr)

Tracking

20 Branch
x86
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [WebRTC] [blocking-webrtc-])

Reporter

Description

7 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:20.0) Gecko/20121228 Firefox/20.0
Build ID: 20121228030811

Steps to reproduce:

Create offer with WEBRTC mozRTCPeerConnection:
pc.createOffer(function (offer) {
    // this line prints the generated SDP
    log("Created offer" + JSON.stringify(offer));

    pc.setLocalDescription(offer, function () { ...
}


Actual results:

SDP was created without a=crypto tag.
v=0
o=Mozilla-SIPUA 9899 0 IN IP4 0.0.0.0
s=SIP Call
t=0 0
a=ice-ufrag:b3de65be
a=ice-pwd:c5e2abb556e29dd9b0481835a728ae4a
a=fingerprint:sha-256 68:25:70:72:AA:87:63:4B:51:84:43:11:FF:93:67:FF:B6:E6:B8:9D:F6:55:ED:55:98:8B:EE:9B:A6:39:60:B7
m=audio 59608 RTP/SAVPF 109 0 8 101
c=IN IP4 ...
a=rtpmap:109 opus/48000/2
a=ptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=candidate:0 1 UDP 2111832319 ... 61851 typ host
a=candidate:1 1 UDP 1692467199 ... 59608 typ srflx raddr ... rport 61851
a=candidate:0 2 UDP 2111832318 ... 61852 typ host
a=candidate:1 2 UDP 1692467198 ... 52894 typ srflx raddr 10.7.6.45 rport 61852
m=video 55730 RTP/SAVPF 120
c=IN IP4 193.104.236.1
a=rtpmap:120 VP8/90000
a=sendrecv
a=candidate:0 1 UDP 2111832319 ... 61853 typ host
a=candidate:1 1 UDP 1692467199 ... 55730 typ srflx raddr ... rport 61853
a=candidate:0 2 UDP 2111832318 ... 61854 typ host
a=candidate:1 2 UDP 1692467198 ... 56390 typ srflx raddr ... rport 61854
m=application 55059 SCTP/DTLS 5000 
c=IN IP4 ...
a=fmtp:5000 protocol=webrtc-datachannel;streams=16
a=sendrecv
a=candidate:0 1 UDP 2111832319 ... 61855 typ host
a=candidate:1 1 UDP 1692467199 ... 55059 typ srflx raddr ... rport 61855
a=candidate:0 2 UDP 2111832318 ... 61856 typ host
a=candidate:1 2 UDP 1692467198 ... 56301 typ srflx raddr ... rport 61856


Expected results:

An a=crypto tag should be added to the SDP.
Like Google Chrome creates, for example:
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:HPBEDr+FSuj9rFjUsPCD6OS+3XQ2WAyEhxIE9FW3

a=crypto is SDES key exchange, which has not been adopted by the IETF rtcweb working group.  The approved keying mechanism is DTLS-SRTP, which Chrome is switching to, and is what Firefox is using.  SDES is trivially MITM-attacked by any server (or the JS code itself if it isn't trusted), since the keys are provided "in the clear" to the JS and any server.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Component: Untriaged → WebRTC: Networking
Product: Firefox → Core
QA Contact: jsmith
Resolution: --- → WONTFIX
Reporter

Comment 2

7 years ago
Thank you for the answer. 
In the SDP it looks like you support only sha254 fingerprint for now; is Chrome also switching to sha256?
Or will you support sha1 too, or any other variant of SHA2? Is this issue cleared? I found only SHA1 fingerprint in IETF draft examples and some reference to Google using the SHA224 variant.
Is this clear, and do you know when Chrome will switch to DTLS?
Regards
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
Assignee: nobody → ekr
Assignee

Comment 3

7 years ago
(In reply to Mike from comment #2)
> Thank you for the answer. 
> In the SDP it looks like you support only sha254 fingerprint for now; is Chrome
> also switching to sha256?

We generate sha-256 but I believe we accept all the SHA variants.


> Or will you support sha1 too, or any other variant of SHA2? Is this issue
> cleared? I found only SHA1 fingerprint in IETF draft examples and some
> reference to Google using the SHA224 variant.
> Is this clear, and do you know when Chrome will switch to DTLS?

Chrome DTLS support is in progress.
Most of it has landed, but it's not entirely done yet.

http://code.google.com/p/webrtc/issues/detail?id=465
Whiteboard: [WebRTC] [blocking-webrtc-]
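
The difference discussed in the comments above (SDES puts the SRTP key in the SDP as a=crypto, DTLS-SRTP puts only a certificate hash there as a=fingerprint) can be checked mechanically. The following is an added example, not part of the bug report and not Firefox or Chrome code; the function names and the SDES sample with its placeholder key are constructed for illustration, and the first sample is trimmed from the offer in the report.

```javascript
// Added example: report how each m= section of an SDP is keyed.
const DIGEST_BYTES = { 'sha-1': 20, 'sha-224': 28, 'sha-256': 32, 'sha-384': 48, 'sha-512': 64 };

// Parse "<hash> <AA:BB:...>" and check the digest length matches the named hash.
function parseFingerprint(value) {
  const [hash = '', hex = ''] = value.trim().split(/\s+/);
  const name = hash.toLowerCase();
  const octets = hex.split(':');
  const wellFormed = Object.prototype.hasOwnProperty.call(DIGEST_BYTES, name) &&
    octets.length === DIGEST_BYTES[name] && octets.every((o) => /^[0-9A-Fa-f]{2}$/.test(o));
  return { hash: name, wellFormed };
}

function auditSdpKeying(sdp) {
  let sessionFp = null; // a=fingerprint before the first m= applies to every section
  let current = null;
  const sections = [];
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith('m=')) {
      const [media, , proto] = line.slice(2).trim().split(/\s+/);
      current = { media, proto, sdesSuites: [], fingerprint: sessionFp };
      sections.push(current);
    } else if (line.startsWith('a=fingerprint:')) {
      const fp = parseFingerprint(line.slice('a=fingerprint:'.length));
      if (current) current.fingerprint = fp; else sessionFp = fp;
    } else if (line.startsWith('a=crypto:') && current) {
      // a=crypto:<tag> <suite> inline:<key>: the SRTP key travels inside the SDP itself
      current.sdesSuites.push(line.trim().split(/\s+/)[1]);
    }
  }
  return sections.map(({ media, proto, sdesSuites, fingerprint }) => ({
    media, proto, fingerprint,
    keyInSdp: sdesSuites.length > 0, // true means whoever relays the SDP can decrypt the media
    keying: sdesSuites.length ? 'SDES' : fingerprint ? 'DTLS' : 'none',
  }));
}

// Constructed samples: the Firefox offer from the report (trimmed) and an SDES-style offer.
const dtlsOffer = [
  'v=0', 't=0 0',
  'a=fingerprint:sha-256 68:25:70:72:AA:87:63:4B:51:84:43:11:FF:93:67:FF:B6:E6:B8:9D:F6:55:ED:55:98:8B:EE:9B:A6:39:60:B7',
  'm=audio 59608 RTP/SAVPF 109 0 8 101', 'a=rtpmap:109 opus/48000/2',
  'm=video 55730 RTP/SAVPF 120', 'a=rtpmap:120 VP8/90000',
].join('\r\n');
const sdesOffer = [
  'v=0', 't=0 0', 'm=audio 9 RTP/SAVPF 0',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY',
].join('\r\n');

console.log(auditSdpKeying(dtlsOffer), auditSdpKeying(sdesOffer));
```
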

Comment 4

6 years ago
(In reply to Eric Rescorla (:ekr) from comment #3)
> (In reply to Mike from comment #2)
> > Thank you for the answer. 
> > In the SDP it looks like you support only sha254 fingerprint for now; is Chrome
> > also switching to sha256?
> 
> We generate sha-256 but I believe we accept all the SHA variants.
> 
> 
> > Or will you support sha1 too, or any other variant of SHA2? Is this issue
> > cleared? I found only SHA1 fingerprint in IETF draft examples and some
> > reference to Google using the SHA224 variant.
> > Is this clear, and do you know when Chrome will switch to DTLS?
> 
> Chrome DTLS support is in progress.
> Most of it has landed, but it's not entirely done yet.
> 
> http://code.google.com/p/webrtc/issues/detail?id=465

Comment 5

6 years ago
The RTCWEB working group recently declared consensus on disallowing the use of SDES. We cannot implement this functionality and remain compliant with the specifications. Closing this bug accordingly.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago → 6 years ago
Resolution: --- → INVALID