- From: T H Panton <thp@westhawk.co.uk>
- Date: Fri, 17 Mar 2017 15:53:34 +0000
- To: Adam Roach <adam@nostrum.com>
- Cc: Cullen Jennings <fluffy@iii.ca>, Dominique Hazaƫl-Massieux <dom@w3.org>, "public-webrtc@w3.org" <public-webrtc@w3.org>
> On 17 Mar 2017, at 15:35, Adam Roach <adam@nostrum.com> wrote: > > On 3/17/17 10:20, T H Panton wrote: >> (happy to take this off list if it helps). > > What would help is recognizing that "it's actually okay in the rare case when one of the parties is *also* the service provider" does little to address the vastly-more-popular case that the service provider is *not* a party to the conversation. True. Banks are an edge case (but actually an important one). What about the very common case where the service provider is also the identity provider for both parties - (I'm thinking of social networks etc)? In your threat model we have to trust them to supply identity validating javascript on one side of the barrier, but we don't trust them to check DTLS fingerprints on the other? Note, I'm not arguing that we don't need the identity provider mechanism - I am arguing that there are many situations where webRTC is useably secure without it. (conditional on you placing some trust somewhere beyond the browser maker). T.
Received on Friday, 17 March 2017 15:54:11 UTC