- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 3 Dec 2013 15:07:05 -0800
- To: Yoav Nir <synp71@live.com>
- Cc: James M Snell <jasnell@gmail.com>, Tim Bray <tbray@textuality.com>, ChanWilliam(ιζΊζ) <willchan@chromium.org>, Roberto Peon <grmocg@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 3 December 2013 14:37, Yoav Nir <synp71@live.com> wrote: > It might be prudent to sacrifice expediency and block all access through > unrecognized proxies. Adding an explicit proxy would then have to be done > through a different UI, not a prompt that surprises a user who is trying to > do something. That's exactly what we've decided to do for screen sharing in WebRTC. It's got a similar sort of security profile: deceptively simple, but in practice there are subtleties users cannot be expected to evaluate. In that context, Chrome - the only browser thus far to even have screen sharing support - have decided to move access to this into their extension framework. In order to enable screen sharing in Chrome, sites will need to use an extension that enables screen sharing for their site. That hasn't been a universally popular decision, but I believe it to be a reasonable one given the nature of the problem. It takes the decision off the critical path; it allows for revocation of rights when there are bad actors; etc... I'm not suggesting that this is the right decision here, but some greater awareness of the sorts of things people are doing when presented with similarly tough decisions can't hurt.
Received on Tuesday, 3 December 2013 23:07:33 UTC