W3C home > Mailing lists > Public > public-webrtc@w3.org > July 2011

Re: Not encrypting content (Re: [minutes] WebRTC F2F meeting Quebec City - 23 July 2011)

From: Randell Jesup <randell-ietf@jesup.org>
Date: Tue, 26 Jul 2011 10:50:42 -0400
Message-ID: <4E2ED442.40806@jesup.org>
To: public-webrtc@w3.org
On 7/26/2011 8:35 AM, Harald Alvestrand wrote:
> On 07/25/11 14:15, Randell Jesup wrote:
>> Agreed - for you and I, that definition of 'secure' is correct.  
>> Users as
>> a general class would never understand that distinction, which was where
>> I was thinking about.
>>
>> You can even argue against providing the user with any notification of
>> security, at least unless they ask to see it.  I'm not sure I'd 
>> agree, but
>> it is an argument you can make.
> Last time I was faced with this in an UI design context, we decided to 
> give a prominent UI warning if the call was NOT encrypted (and we 
> could detect that), and say nothing at all in case it was.
> The logic was that we could give no guarantees of security, but we 
> could guarantee that it was not secure..... as well as making the UI 
> as "quiet" as possible in the normal (encrypted) case.

Yes, that's generally a reasonable approach - though from our point of 
view it's more the responsibility of the app (which controls the primary 
UI).


-- 
Randell Jesup
randell-ietf@jesup.org
Received on Tuesday, 26 July 2011 14:52:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 26 July 2011 14:52:24 GMT