EvilZone
Other => Found it on the Webs => : kenjoe41 June 09, 2013, 05:45:39 PM
-
The upcoming standard for real time communications on the web, WebRTC, currently makes DTLS mandatory to implement: All communications will be encrypted at all times with ephemerally keyed encryption. With DTLS-SRTP content interception will always be _possible_ to detect (e.g. by comparing session IDs) and when coupled with something like Persona (BrowserID) MITM becomes infesable. This is a massive step forward from today's Internet: Even where we have encryption it's almost user to service, not user to user and even that can usually be defeated by a downgrading attack.
https://news.ycombinator.com/item?id=5842008 (https://news.ycombinator.com/item?id=5842008)