Re: Extending createObjectUrl to MediaStream?

On Tue, Sep 3, 2013 at 6:37 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> Imagine that you and I want to talk, and we don't trust the site to
> not look at the media we are sending each other.  This is a mechanism
> whereby our two browsers are able to ensure that the media is
> protected from observation or modification by the site.
>
> In essence, the content of the media is marked as untouchable by the
> site in the same way that cross domain images can't be read or cross
> domain frames can't be touched in any meaningful way, except with
> express consent (through postMessage).
>
> If you are interested in learning more about this, I'm happy to
> explain offline.  I'm sure that there are plenty of others who
> understand sufficiently too.

Okay, so MediaStream's would have an internal tainted flag that would
be used by APIs to prevent reading data out of the media stream except
for the P2P API and the video playback API? How would you prevent the
page from setting up a P2P connection with its origin server?


-- 
http://annevankesteren.nl/

Received on Tuesday, 3 September 2013 19:50:40 UTC