Closed
Description
At the ORTC CG meeting on May 13, Justin pointed out that passing incoming media to an RtpReceiver prior to verification of the remote fingerprint could permit a DTLS man-in-the-middle attack. So while we recognize the potential for incoming media in the DTLS "connecting" state, there probably should be a prohibition on passing decrypted media to an attacked RtpReceiver until the "connected" state is reached.