On 15/02/2019 0:10, Cullen Jennings wrote:
On Feb 13, 2019, at 5:03 PM, Sergio Garcia Murillo <sergio.garcia.murillo@xxxxxxxxx> wrote:
On 13/02/2019 23:48, Nils Ohlmeier wrote:
While implementation convenience was part of the discussion it was raised a few times that the people in favor of allowing SSRC mutability never provided any written description of why mutating the SSRC is not a problem as pointed out by the design team.
Moreover, in the (maybe not so) near future of ssrc-less signaling (at least in webrtc), where the MID extensions are HBH, how would ssrc rewriting even be a potential risk?
Has this group analyzed the implications and new attacks that this may cause?
Best regards
Sergio
I know you understand this stuff too well to really believe what you just wrote so it comes across as feeling like FUD. You know that most WebRTC does not use any SSRC in the signaling at all and the WebRTC security dose not change if the ssrc are signaled or not.
Has it been analyzed? YES OF COURSE IT HAS - the whole of webrtc security drafts and security section of of the related WebRTC drafts are written based on the security being ssrc-less signaling.
I was not referring to WebRTC security, which obviously has been
addressed. I was referring to the impact on the splicing attack
mentioned as the main reason to forbid ssrc rewriting in PERC.
Best regards
Sergio
