[jdev] New client; update client list
Emil Ivov
emcho at jitsi.org
Sun Jun 15 12:25:59 UTC 2014
On 13.06.14, 21:33, Philipp Hancke wrote:
> Am 13.06.2014 14:02, schrieb Emil Ivov:
>> Hey Marcel,
>>
>> Congrats for the release.
>
> same here, ^5 Klaus!
>
>> One question
>>
>> On 12.06.14, 18:40, Marcel Waldvogel wrote:
>>> * End-to-end encrypted audio and video calls from Firefox and Chrome
>>> without plugin
>>
>> Is this referring to WebRTC's use of DTLS-SRTP? Because, if so,
>> "end-to-end" is a bit misleading given that today's implementation of
>> DTLS-SRTP there is vulnerable to to MitM attacks from the service
>> provider.
>
> Well, it's end-to-end. It's not end-to-end with authenticated peers.
Sure but isn't that a core promise of and what's really meant by
end-to-end? Without that constraint SDES would also qualify.
Quoting wikipedia:
"The intention of end-to-end encryption is to prevent intermediaries,
such as Internet providers or application service providers, from being
able to discover or tamper with the content of communications. "
There's currently no such protection in WebRTC's current DTLS-SRTP
implementation.
Emil
--
https://jitsi.org
More information about the JDev
mailing list