5. Security Considerations

An adversary with the ability to modify SDP descriptions has the ability to switch around tracks between MediaStreams. This is a special case of the general security consideration that modification of SDP descriptions needs to be confined to entities trusted by the application.

If implementing buffering as mentioned in Section 3.1, the amount of buffering should be limited to avoid memory exhaustion attacks.

Careless generation of identifiers can leak privacy-sensitive information. [W3C.CR-mediacapture-streams] recommends that identifiers be generated using a Universally Unique IDentifier (UUID) class 3 or 4 as a basis, which avoids such leakage.

No other attacks have been identified that depend on this mechanism.