webrtc-stats icon indicating copy to clipboard operation
webrtc-stats copied to clipboard

Published 20 hours ago verified publisher icon w3c

Do not expose unknown usernameFragment to stats

Open fippo opened this issue 1 year ago • 1 comments

https://github.com/webtorrent/webtorrent/issues/288#issuecomment-2433534469 points out that the remote ICE usernameFragment (added in https://github.com/w3c/webrtc-stats/pull/611) can act as a sidechannel (and while it is authenticated, it lacks encryption).

In theory one can skip signaling in one direction that way. We should only expose the remote usernameFragment on prflx candidates if it is known by signaling.

fippo avatar Oct 28 '24 08:10 fippo

I think this is an obvious fix, and should be marked "ready for PR".

alvestrand avatar Oct 29 '24 12:10 alvestrand

Do we need to put it on the WG agenda?

fippo avatar Jan 03 '25 18:01 fippo

This issue had an associated resolution in WebRTC February 2025 meeting – (Issue #789 Do not expose unknown usernameFragment to stats.):

RESOLUTION: Support, review the PR again.

dontcallmedom-bot avatar Feb 26 '25 09:02 dontcallmedom-bot