[e] (0) Add some notes about data UDP media stream security. (didn't …

…mention integrity as we'll fix that -- i filed a bug on it) git-svn-id: http://svn.whatwg.org/webapps@5954 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Mar 16, 2011 · b6c635a · b6c635a
1 parent df10393
commit b6c635a
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 8 deletions.
diff --git a/complete.html b/complete.html
@@ -1009,8 +1009,9 @@ <h2 class="no-num no-toc" id=contents>Table of contents</h2>
    <li><a href=#stream-api><span class=secno>9.3 </span>Stream API</a></li>
    <li><a href=#peer-to-peer-connections><span class=secno>9.4 </span>Peer-to-peer connections</a></li>
    <li><a href=#the-data-stream><span class=secno>9.5 </span>The data stream</a></li>
-   <li><a href=#event-definitions-0><span class=secno>9.6 </span>Event definitions</a></li>
-   <li><a href=#event-summary><span class=secno>9.7 </span>Event Summary</a></ol></li>
+   <li><a href=#security-considerations><span class=secno>9.6 </span>Security considerations</a></li>
+   <li><a href=#event-definitions-0><span class=secno>9.7 </span>Event definitions</a></li>
+   <li><a href=#event-summary><span class=secno>9.8 </span>Event Summary</a></ol></li>
  <li><a href=#workers><span class=secno>10 </span>Web workers</a>
   <ol>
    <li><a href=#introduction-9><span class=secno>10.1 </span>Introduction</a>
@@ -72409,6 +72410,8 @@ <h3 id=peer-to-peer-connections><span class=secno>9.4 </span>Peer-to-peer connec
 
 
 
+  <div class=impl>
+
   <h3 id=the-data-stream><span class=secno>9.5 </span>The data stream</h3>
 
   <p>All <code><a href=#peerconnection>PeerConnection</a></code> connections include a <dfn id=data-udp-media-stream>data
@@ -72545,8 +72548,20 @@ <h3 id=the-data-stream><span class=secno>9.5 </span>The data stream</h3>
   <p>The <a href=#task-source>task source</a> for this <a href=#concept-task title=concept-task>task</a> is the <a href=#networking-task-source>networking task
   source</a>.</p>
 
+  </div>
+
+
+  <h3 id=security-considerations><span class=secno>9.6 </span>Security considerations</h3>
+
+  <p>A <a href=#data-udp-media-stream>data UDP media stream</a> is encrypted, but that does
+  not solve all security problems. In particular, <strong>replay
+  attacks</strong> are possible. Scripts for which this would be a
+  problem should give each packet a unique identifier and refuse to
+  process the same packet twice.</p>
 
-  <h3 id=event-definitions-0><span class=secno>9.6 </span>Event definitions</h3>
+
+
+  <h3 id=event-definitions-0><span class=secno>9.7 </span>Event definitions</h3>
 
   <p>The <code title=event-stream-addstream>addstream</code> and
   <code title=event-stream-removestream>removestream</code> events
@@ -72557,6 +72572,8 @@ <h3 id=event-definitions-0><span class=secno>9.6 </span>Event definitions</h3>
   void <a href=#dom-closeevent-initcloseevent title=dom-CloseEvent-initCloseEvent>initCloseEvent</a>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in <a href=#stream>Stream</a> streamArg);
 };</pre>
 
+  <div class=impl>
+
   <p>The <dfn id=dom-streamevent-initstreamevent title=dom-StreamEvent-initStreamEvent><code>initStreamEvent()</code></dfn>
   method must initialize the event in a manner analogous to the
   similarly-named method in the DOM Events interfaces. <a href=#refsDOMEVENTS>[DOMEVENTS]</a></p>
@@ -72569,8 +72586,10 @@ <h3 id=event-definitions-0><span class=secno>9.6 </span>Event definitions</h3>
   stated) and is not cancelable (except where otherwise stated), and
   which uses the <code><a href=#streamevent>StreamEvent</a></code> interface with the <code title=dom-StreamEvent-stream><a href=#dom-streamevent-stream>stream</a></code> attribute set to <var title="">stream</var>, must be dispatched at the given target.</p>
 
+  </div>
+
 
-  <h3 id=event-summary><span class=secno>9.7 </span>Event Summary</h3>
+  <h3 id=event-summary><span class=secno>9.8 </span>Event Summary</h3>
 
   <p class=XXX>...will add event summary for streams here...</p>
 

diff --git a/index b/index
@@ -1017,8 +1017,9 @@
    <li><a href=#stream-api><span class=secno>9.3 </span>Stream API</a></li>
    <li><a href=#peer-to-peer-connections><span class=secno>9.4 </span>Peer-to-peer connections</a></li>
    <li><a href=#the-data-stream><span class=secno>9.5 </span>The data stream</a></li>
-   <li><a href=#event-definitions-0><span class=secno>9.6 </span>Event definitions</a></li>
-   <li><a href=#event-summary><span class=secno>9.7 </span>Event Summary</a></ol></li>
+   <li><a href=#security-considerations><span class=secno>9.6 </span>Security considerations</a></li>
+   <li><a href=#event-definitions-0><span class=secno>9.7 </span>Event definitions</a></li>
+   <li><a href=#event-summary><span class=secno>9.8 </span>Event Summary</a></ol></li>
  <li><a href=#comms><span class=secno>10 </span>Communication</a>
   <ol>
    <li><a href=#event-definitions-1><span class=secno>10.1 </span>Event definitions</a></li>
@@ -72418,6 +72419,8 @@ local.onaddstream = function (event) {
 
 
 
+  <div class=impl>
+
   <h3 id=the-data-stream><span class=secno>9.5 </span>The data stream</h3>
 
   <p>All <code><a href=#peerconnection>PeerConnection</a></code> connections include a <dfn id=data-udp-media-stream>data
@@ -72554,8 +72557,20 @@ local.onaddstream = function (event) {
   <p>The <a href=#task-source>task source</a> for this <a href=#concept-task title=concept-task>task</a> is the <a href=#networking-task-source>networking task
   source</a>.</p>
 
+  </div>
+
+
+  <h3 id=security-considerations><span class=secno>9.6 </span>Security considerations</h3>
+
+  <p>A <a href=#data-udp-media-stream>data UDP media stream</a> is encrypted, but that does
+  not solve all security problems. In particular, <strong>replay
+  attacks</strong> are possible. Scripts for which this would be a
+  problem should give each packet a unique identifier and refuse to
+  process the same packet twice.</p>
 
-  <h3 id=event-definitions-0><span class=secno>9.6 </span>Event definitions</h3>
+
+
+  <h3 id=event-definitions-0><span class=secno>9.7 </span>Event definitions</h3>
 
   <p>The <code title=event-stream-addstream>addstream</code> and
   <code title=event-stream-removestream>removestream</code> events
@@ -72566,6 +72581,8 @@ local.onaddstream = function (event) {
   void <span title=dom-CloseEvent-initCloseEvent>initCloseEvent</span>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in <a href=#stream>Stream</a> streamArg);
 };</pre>
 
+  <div class=impl>
+
   <p>The <dfn id=dom-streamevent-initstreamevent title=dom-StreamEvent-initStreamEvent><code>initStreamEvent()</code></dfn>
   method must initialize the event in a manner analogous to the
   similarly-named method in the DOM Events interfaces. <a href=#refsDOMEVENTS>[DOMEVENTS]</a></p>
@@ -72578,8 +72595,10 @@ local.onaddstream = function (event) {
   stated) and is not cancelable (except where otherwise stated), and
   which uses the <code><a href=#streamevent>StreamEvent</a></code> interface with the <code title=dom-StreamEvent-stream><a href=#dom-streamevent-stream>stream</a></code> attribute set to <var title="">stream</var>, must be dispatched at the given target.</p>
 
+  </div>
+
 
-  <h3 id=event-summary><span class=secno>9.7 </span>Event Summary</h3>
+  <h3 id=event-summary><span class=secno>9.8 </span>Event Summary</h3>
 
   <p class=XXX>...will add event summary for streams here...</p>
 

diff --git a/source b/source
@@ -82649,6 +82649,8 @@ local.onaddstream = function (event) {
 
 
 
+  <div class="impl">
+
   <h3>The data stream</h3>
 
   <p>All <code>PeerConnection</code> connections include a <dfn>data
@@ -82810,6 +82812,18 @@ local.onaddstream = function (event) {
   title="concept-task">task</span> is the <span>networking task
   source</span>.</p>
 
+  </div>
+
+
+  <h3>Security considerations</h3>
+
+  <p>A <span>data UDP media stream</span> is encrypted, but that does
+  not solve all security problems. In particular, <strong>replay
+  attacks</strong> are possible. Scripts for which this would be a
+  problem should give each packet a unique identifier and refuse to
+  process the same packet twice.</p>
+
+
 
   <h3>Event definitions</h3>
 
@@ -82822,6 +82836,8 @@ local.onaddstream = function (event) {
   void <span title="dom-CloseEvent-initCloseEvent">initCloseEvent</span>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in <span>Stream</span> streamArg);
 };</pre>
 
+  <div class="impl">
+
   <p>The <dfn
   title="dom-StreamEvent-initStreamEvent"><code>initStreamEvent()</code></dfn>
   method must initialize the event in a manner analogous to the
@@ -82841,6 +82857,8 @@ local.onaddstream = function (event) {
   title="dom-StreamEvent-stream">stream</code> attribute set to <var
   title="">stream</var>, must be dispatched at the given target.</p>
 
+  </div>
+
 
   <h3>Event Summary</h3>