Don't fire SRD() events until target peer identity has been verified. #2251
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -1417,6 +1417,17 @@ <h4>Set the RTCSessionDescription</h4> | |
| </li> | ||
| </ol> | ||
| </li> | ||
| <li> | ||
| <p>If <var>description</var> is set as a remote description and | ||
| is applied successfully, and a <a>target peer identity</a> is | ||
| set, then the user agent MUST wait for | ||
| <a href="#dfn-validate-the-identity">identity validation</a> | ||
| to complete before proceeding to the next step. If | ||
| <a href="#dfn-validate-the-identity">identity validation</a> | ||
| fails, <a>reject</a> <var>p</var> with a newly | ||
| <a data-link-for="exception" data-lt="create">created</a> | ||
| <code>OperationError</code>, and abort these steps.</p> | ||
|
There was a problem hiding this comment. If the description was applied successfully, but we reject the promise and abort the steps, won't that mean that the JavaScript layer and the JSEP layer are out-of-sync? I.e. there may be JSEP transceivers or m= sections or whatnot, but no JavaScript equivalent RTCRtpTransceivers? There was a problem hiding this comment. Do we need to tell JSEP to roll back? There was a problem hiding this comment. You and @alvestrand make the same observation. In practice if your peer connection has a target peerIdentity (cannot be changed), and you get a bad-identity remote description, you're most likely toast anyway and will want to discard the peer connection, unless there's hope you'll get a valid offer reasonably soon thereafter, in which case you apply SRD again (which is legal). A corner case may be a previously established connection without a target peerIdentity, then you set one, and then you get a bad-identity remote description. In this case I don't know whether having JSEP apply successfully is any worse than not applying it. To be safe we should probably just hold off applying anything until the identity is validated. Right now Firefox does it in parallel with SRD, an optimization with little benefit, I suspect. |
||
| </li> | ||
| <li> | ||
| <p>If <var>description</var> is applied successfully, the user | ||
| agent MUST queue a task that runs the following steps:</p> | ||
|
|
@@ -3257,8 +3268,8 @@ <h2>Methods</h2> | |
| <p>In addition, a remote description is processed to determine | ||
| and verify the identity of the peer.</p> | ||
| <p data-tests>If an <code>a=identity</code> attribute is present in the | ||
| session description, the browser <a data-cite="!WEBRTC-IDENTITY#sec.identity-verify-assertion">validates the identity | ||
| assertion</a>.</p> | ||
| <p>If the <a data-link-for="RTCConfiguration">peerIdentity</a> configuration is applied to the | ||
| <code><a>RTCPeerConnection</a></code>, this establishes a | ||
| <dfn id="target-peer-identity">target peer identity</dfn> of | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It doesn't make sense to apply the description before you have verified the identity, I think.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alvestrand Good point. @martinthomson WDYT?