12316 – We should add a checksum here to make it impossible for attackers to modify messages en-route. The HMAC-SHA1 of the cyphertext using as a key the HMAC-SHA1 of ice-key + a second salt should be sufficient. See also http://krijnhoetmer.nl/irc-logs/whatwg/20

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 12316 - We should add a checksum here to make it impossible for attackers to modify messages en-route. The HMAC-SHA1 of the cyphertext using as a key the HMAC-SHA1 of ice-key + a second salt should be sufficient. See also http://krijnhoetmer.nl/irc-logs/whatwg/20

Summary: We should add a checksum here to make it impossible for attackers to modify m...

Status:	RESOLVED FIXED

Alias:	None

Product:	WHATWG
Classification:	Unclassified
Component:	HTML (show other bugs)
Version:	unspecified
Hardware:	Other other

Importance:	P3 normal
Target Milestone:	Unsorted
Assignee:	Ian 'Hixie' Hickson
QA Contact:	contributor

URL:	http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-03-16 07:09 UTC by contributor
Modified:	2012-07-18 18:47 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description contributor 2011-03-16 07:09:11 UTC

Specification: http://www.whatwg.org/specs/web-apps/current-work/complete.html
Section: http://www.whatwg.org/specs/web-apps/current-work/complete.html#transmit-a-data-packet-to-a-peer

Comment:
We should add a checksum here to make it impossible for attackers to modify
messages en-route. The HMAC-SHA1 of the cyphertext using as a key the
HMAC-SHA1 of ice-key + a second salt should be sufficient. See also
http://krijnhoetmer.nl/irc-logs/whatwg/20110316#l-268 onwards.

Posted from: 76.102.14.57 by ian@hixie.ch
User agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16

Comment 1 Ian 'Hixie' Hickson 2011-03-28 23:59:10 UTC

Done.