New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reorder to put identity bindings first #5
Conversation
I did some reframing to justify this organization. This probably needs another review.
250def2
to
936f41b
Compare
|
||
This attack applies to any communications established based on the SDP | ||
`fingerprint` attribute {{!RFC8122}}. | ||
A similar attack can be mounted without to any communications established based |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: s/without to any/without any/
@@ -273,50 +448,17 @@ conduct two sessions concurrently, if the attacker (Mallory) is on the network | |||
path between the victims, and if the same certificate - and therefore SDP |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This attack creates an asymmetry in the beliefs about the identity of peers. However, this attack is only possible if the victim (Norma) is willing to conduct two sessions concurrently
Unless I'm mistaken, the precondition here is even more difficult than this phrasing would imply. Assuming my understanding is correct, I believe the following wording would be more accurate: ...is only possible if the victim (Norma) can be compelled to initiate two concurrent sessions nearly simultaneously...
Don't treat this comment as blocking. If you agree, make the change; if you don't, discard it and move the document forward.
@@ -349,21 +491,21 @@ identifier. | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This document only defines use of this extensions for SDP
Nit: "...this extension..."
Thanks Adam! |
I did some reframing to justify this organization. This probably needs
another review.
Attn. @adamroach - preview of complete draft because the diff is pretty hard to follow.