[FFmpeg-devel] Fix NTP time in RTCP SR packets

Michael Niedermayer michaelni
Mon Feb 18 20:23:08 CET 2008


On Mon, Feb 18, 2008 at 01:49:49PM -0500, Rich Felker wrote:
> On Mon, Feb 18, 2008 at 07:16:41PM +0100, Michael Niedermayer wrote:
> > Hi
> > 
> > On Mon, Feb 18, 2008 at 12:56:01PM +0100, Reimar D?ffinger wrote:
> > > Hello,
> > > On Mon, Feb 18, 2008 at 09:18:42AM +0100, Luca Abeni wrote:
> > > > Summing up, an "av_gettime_more_secure() based" solution is ok in a large
> > > > number of cases, but not always...
> > > > I believe the AVFMT_FLAG_USE_TIME flag can solve the problem, but I do not
> > > > know if it is overkilling. What do you think about it?
> > > 
> > > Maybe it does not matter much in this server case, but in general I
> > > think a flag to distinguish between the "I want to keep as many
> > > information/features as possible" and "I want to create a file I'd like
> > > to publish (almost) anonymously" modes of operation would be desirable.
> > 
> > The max anonymity is always default, i just think you are overparanoid with
> > the time in the case of streaming. Its not as if this would be stored in a
> > file ...
> > Also iam curious, can you point at a concrete case where knowing the exact
> > time of a system would significantly weaken its security?
> 
> Regardless, I don't think the lack of an ability to point out an
> exploit for information leaks is an excuse for tolerating them. 
> If the
> leaks can be avoided, 

The problem is that avoiding the leak is complicated and has disadvantages,
and in the absense of any known "exploit" it is unverifyable if the avoidance
is effective at all. Or if we are just writing more complex and less well
working code.
Also keep the following in mind
* If clocks are completely unsynced playback will fail due to data being
  unavailable at the time it should be displayed. And the mere fact that
  playback fails will tell you the sign of the clock drift.
* Any form of working clock sync leaks information about the clock of the
  other system.
* The better clock sync works, the more information is leaked.

Even if we never transmit any time but 0 the mere speed at which we deliver
packets leaks information about our clock. That is its accuracy and how it
drifts.
If you are affraid of these things you should definitly not stream any
video or audio, nor write any email, all these leak clock information.

Also if you mark everything as security relevant (compared to only what
has a known use (in)security wise) you simply end up with nothing being
safe to tranmitt.

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

While the State exists there can be no freedom; when there is freedom there
will be no State. -- Vladimir Lenin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20080218/f9eb4db1/attachment.pgp>



More information about the ffmpeg-devel mailing list