Responses to Gen-ART review comments #165
Conversation
|
LGTM |
| source. The length of this field is 32 bits. | ||
| source. The length of this field is 32 bits. The SSRC value in the | ||
| EKT tag MUST be the same as the one in the header of the SRTP packet | ||
| to which the tag is appended. |
There was a problem hiding this comment.
I'm not sure about this change to must be the same. I don't see any security reasons it has to be the same and it removes the possibility of making sure keys arrive before media - I don't have any solid reasons we should not make this change but I worry there is something we are forgetting and I don't see any solid reason that we do need to make this change. Others have more thoughts on this one way or the other ?
There was a problem hiding this comment.
The last EKT draft in avtcore required that the SSRC in the EKT tag match the one in the packet header. I assume this is to prevent an attack where an entity can I transmit modified packets and cause endpoints to replace keys with keys of other senders. By keeping the SSRC matching requirement, it would mitigate attacks by those without the ability to otherwise alter the packet flow.
No description provided.