-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Double keying would be very useful, and in contexts other than WebRTC also. I still think even in that case (where the deviceId is unique to the first-party/third-party combination), there should be no leakage until the user has first authorised the origin. And the authorisation should lapse after a reasonable period. Mike - -----Original Message----- From: Georg Koppen [mailto:gk@torproject.org] Sent: 01 July 2015 22:07 To: Eric Rescorla; Nick Doty Cc: Mike O'Neill; public-privacy (W3C mailing list); Jan-Ivar Bruaroey Subject: Re: Request for feedback: Media Capture and Streams Last Call *** gpg4o | Unknown Signature from EDC67D98A97A53DC 1 10 01 1435784824 9 *** Eric Rescorla: > Martin Thomson has suggested using double keying here. Would people > consider that > satisfactory? Yes. I think this is a good idea. Georg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using gpg4o v3.4.103.5490 - http://www.gpg4o.com/ Charset: utf-8 iQEcBAEBAgAGBQJVlOG+AAoJEHMxUy4uXm2J+iUIAIemGxKZGQdNyCHXTqzAXlaP 7eU0ET/6mHWzL685vzzFP/WK1H6uuO5Iq9tmxCqx9fcQUfjYe0Vjdcruz7hZeEtD Cbl0YH+ZsIAPvZoDi2XwERobQ0wKbrRJ0ZkUXDkV27lMyMTFzjD4C+D/FnF398KJ hFM+bH5CAc1+gE5unAfpjvGc8PnbEka3dw236hAvO1xoscpTKQM4pCnuvY5+xQAf Vve8gHyjpqPU/va93MiHW2NLqnhavU0YwTbnjKaLbYfbITLFS8ioVyFqQwhlam9b mVmk9xOzCw91W9iIKqA1w+3I0CT6my+A2xZk5NUuuQ3/n2JNRORDK/DDFBXGzJg= =5Jwf -----END PGP SIGNATURE-----
Received on Thursday, 2 July 2015 07:01:44 UTC