Worried about WhatsApp MITM? Chrome, Firefox etc claimed WebRTC doesn't actually implement spec: https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-05#section-5.7.1 Skips 5.5 IU reqmt.
Replying to @dlmetcalf
Think WebRTC is providing end-to-end encryption guarantees? As currently implemented (versus as spec'd), it doesn't. https://textslashplain.com/2017/01/14/the-line-of-death/
Replying to @dlmetcalf
The WebRTC specification even clearly spells out that it can be man-in-the-middle attacked, unless the missing inspection i'face is provided
Replying to @dlmetcalf
RedPhone, for eg, provides short authentication strings (well done by OWS). Current WebRTC impls don't, but people think it happens magically
Replying to @dlmetcalf
"A user-oriented client MUST provide an "inspector" interface which allows the user to determine the security characteristics of the media"
Replying to @dlmetcalf
Note, the media that WebRTC is referring to here, is over SRTP transport, not HTTPS. So the browser padlock does *NOT* apply. Insufficient.
"Padlock does not apply" is a bug in itself. If there are any resources, including WebRTC, that aren't secure, must show "broken"
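The thread's point is that the HTTPS padlock says nothing about the DTLS-SRTP media path, whose certificate fingerprint arrives in SDP relayed by the signaling server. As an added example (not part of the original thread and not any browser's own code), the check below compares the `a=fingerprint` value in the remote SDP against a value the peer reads out over an independent channel; the SDP sample is constructed, the function names are hypothetical, and this is plain fingerprint comparison, not the short authentication string scheme RedPhone uses.

```javascript
// Constructed sample SDP (not captured from a real call). In a browser the
// input would be pc.remoteDescription.sdp from an RTCPeerConnection.
const SIGNALED_REMOTE_SDP = [
  "v=0",
  "o=- 46117317 2 IN IP4 127.0.0.1",
  "s=-",
  "t=0 0",
  "a=fingerprint:sha-256 " + "AA:".repeat(31) + "AA",
  "m=audio 9 UDP/TLS/RTP/SAVPF 111",
  "a=setup:actpass",
].join("\r\n");

// Normalise "<hash-func> <hex:hex:...>" so case differences do not matter.
function normalise(hashFunc, hex) {
  return hashFunc.toLowerCase() + " " + hex.toUpperCase();
}

// Collect every a=fingerprint attribute, session-level or media-level.
function extractFingerprints(sdp) {
  const seen = new Set();
  const re = /^a=fingerprint:(\S+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$/;
  for (const line of sdp.split(/\r?\n/)) {
    const m = re.exec(line);
    if (m) seen.add(normalise(m[1], m[2]));
  }
  return [...seen].sort();
}

// Compare what signaling delivered with what the peer read out elsewhere.
// Fails closed: a missing fingerprint, or any signaled fingerprint other
// than the spoken one, is reported as a failure.
function checkPeerFingerprint(remoteSdp, spokenFingerprint) {
  const signaled = extractFingerprints(remoteSdp);
  const m = /^\s*(\S+)\s+(\S+)\s*$/.exec(spokenFingerprint);
  const spoken = m ? normalise(m[1], m[2]) : null;
  if (signaled.length === 0) {
    return { ok: false, reason: "no-fingerprint-in-sdp", signaled };
  }
  if (!signaled.every((f) => f === spoken)) {
    return { ok: false, reason: "mismatch", signaled };
  }
  return { ok: true, reason: "match", signaled };
}
```

A mismatch means the certificate the browser will accept for DTLS is not the one the peer holds, which is the substitution the signaling path makes possible.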