rtcweb-wg/security-arch

Issues

• Avoid cross-protocol attacks with IdPs

  #94 opened 5 years ago by ekr
  0

• What happens if fingerprints don't change but the identity line does

  #95 opened 5 years ago by ekr
  1

• Clarify that what's generic in the IdP interaction is the protocol

  #93 opened 5 years ago by ekr
  1

• Address Ben Kaduk's IESG comments

  #90 opened 5 years ago by seanturner
  0

• Address Ben Kaduk's IESG Discusses

  #89 opened 5 years ago by seanturner
  1

• Use the usual headings for new SDP attributes

  #76 opened 6 years ago by martinthomson
  3

• Prohibit false start.

  #82 opened 6 years ago by ekr
  8

• Possible identity assertion reuse across origins

  #65 opened 6 years ago by murillo128
  1

• Open Source WebRTC IdP

  #36 opened 7 years ago by Pierpaolo1992
  2

• Remove mention of rtcweb://

  #41 opened 7 years ago by martinthomson
  1

• More fixes

  #30 opened 7 years ago by martinthomson
  2

• For identity in the SDP: describe how multiple identity attributes work, as well as parsing of identity

  #37 opened 7 years ago by stefhak
  3

• Unicode normalization and the role of confusable characters

  #11 opened 7 years ago by martinthomson
  0

• Is port number allowed in the idp.domain field for identity assertion result?

  #42 opened 7 years ago by soareschen
  8

• Add section on certificate management

  #32 opened 7 years ago by martinthomson
  2

• Determining the IdP URI

  #43 opened 7 years ago by soareschen
  3

• One DTLS connection per component

  #27 opened 7 years ago by martinthomson
  3

• Remove NULL cipher example

  #48 opened 7 years ago by seanturner
  1

• Remove Appendix A

  #46 opened 7 years ago by seanturner
  1

• Update reference to RFC7675

  #47 opened 7 years ago by seanturner
  1

• Publish github.io from master branch

  #35 opened 7 years ago by alvestrand
  1

• Check text on where a=identity lives

  #29 opened 7 years ago by martinthomson
  1

• Downgrade note in commsec section is out of date

  #9 opened 7 years ago by martinthomson
  0

• Bogus requirement on gUM persistent permissions

  #22 opened 7 years ago by ekr
  0

• Prohibit MKI use

  #25 opened 7 years ago by martinthomson
  0

• Need text for what to do in only-VPN mode

  #31 opened 7 years ago by juberti
  1

• Prohibit DTLS renegotiation

  #26 opened 7 years ago by martinthomson
  0

• a=fingerprint generation and handling

  #24 opened 7 years ago by martinthomson
  0

• Can't parse sentence

  #21 opened 7 years ago by stefhak
  0

• Remove md5 and md2 from a=fingerprint

  #10 opened 7 years ago by martinthomson
  3

• Make sure that we don't use SDES

  #28 opened 7 years ago by martinthomson
  0

• Clarify configuration of SRTP regarding RTCP encryption

  #34 opened 7 years ago by gloinul
  0

• Lacking ref and clear naming of Security Descriptions in MUST NOT be offered

  #40 opened 7 years ago by gloinul
  1

• SDES versus Security Descriptions

  #13 opened 7 years ago by ekr
  0

• Change MTI cipher suites to match non-requirement for DTLS 1.0

  #17 opened 7 years ago by ekr
  2

• Reference RTCP security considerations

  #5 opened 10 years ago by ekr
  0

• Clean up text about IFRAME vs. Popup preferences

  #1 opened 10 years ago by ekr
  2

• Protocol is an opaque string

  #2 opened 10 years ago by martinthomson
  0