[webrtc-pc] Add a security/privacy note about remote SDP (#2193) from henbos via GitHub on 2019-05-03 (public-webrtc-logs@w3.org from May 2019)

From: henbos via GitHub <sysbot+gh@w3.org>
Date: Fri, 03 May 2019 10:41:44 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issues.opened-439989590-1556880103-sysbot+gh@w3.org>

henbos has just created a new issue for https://github.com/w3c/webrtc-pc:

== Add a security/privacy note about remote SDP ==
The spec guards against malformed SDP and SDP that violates the spec, but it does not do anything to guarantee that you get the SDP that you expected.

For example, you might offer sendrecv and assume that if the remote endpoint accepts your offer, they will answer with sendrecv. An application that is not prepared for one-way media might be surprised about this.

This is more of a note to users of the APIs than to the browser implementers. Does a security/note in the "Privacy and Security Considerations" section make sense?

Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2193 using your GitHub account

Received on Friday, 3 May 2019 10:41:46 UTC