- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Tue, 29 Apr 2014 09:29:02 +0200
- To: public-media-capture@w3.org
On 04/28/2014 09:00 PM, Martin Thomson wrote:
> On 28 April 2014 11:52, Martin Thomson <martin.thomson@gmail.com> wrote:
>> We talked in the past about forbidding the persistence of permissions
>> for non-secure origins (e.g., http://example.com).
>>
>> I know that we've talked about this on numerous occasions and we seem
>> to have had agreement, but I can't find any record of it in the spec.
> In the interests of forward progress, how about:
>
> User agents MUST NOT rely on persisted permissions for origins that
> are not strongly authenticated, such as "http" origins. Such origins
> can be trivially spoofed by a network attacker, which could be
> exploited to gain access to media devices.
>
> Throw in there anywhere. Maybe in with Harald's newly proposed
> security/privacy considerations.
>
Actually it's in an IETF document.

draft-ietf-rtcweb-security-arch-09 section 5.2:

    Because HTTP origins cannot be securely established against network
    attackers, implementations MUST NOT allow the setting of permanent
    access permissions for HTTP origins. Implementations MAY also opt to
    refuse all permissions grants for HTTP origins, but it is RECOMMENDED
    that currently they support one-time camera/microphone access.

Should we repeat the requirement here in the W3C document?

If so, I think it should be in section 10, "Obtaining local multimedia content". There's a "Best Practice 1: Resource reservation" that is relevant, but I think we should have a hard requirement in a section that's not labelled "Implementation Suggestions", so I suggest we add a new section here.

Harald
Received on Tuesday, 29 April 2014 07:29:33 UTC
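As an added illustration (not code from this thread, the W3C spec or the IETF draft), a minimal JavaScript model of a user agent's media-permission store that enforces the rule discussed above: grants for origins that are not strongly authenticated are never persisted, and any stale persisted entry for such an origin is ignored rather than trusted. Which schemes count as strongly authenticated (here only https: and wss:) and the shape of the prompt callback are assumptions.

```javascript
// Added example: model of a user-agent permission store for camera/microphone
// that never relies on persisted permissions for non-authenticated origins.
// Assumption: only TLS-backed schemes count as strongly authenticated.
const AUTHENTICATED_SCHEMES = new Set(["https:", "wss:"]);

function isStronglyAuthenticated(origin) {
  try {
    return AUTHENTICATED_SCHEMES.has(new URL(origin).protocol);
  } catch {
    return false; // an unparsable origin is never treated as authenticated
  }
}

class MediaPermissionStore {
  constructor() {
    this.persisted = new Map(); // origin -> Set of device kinds
  }

  // Persist a grant only for strongly authenticated origins; http origins
  // get at most a one-time grant, so this returns false for them.
  remember(origin, kind) {
    if (!isStronglyAuthenticated(origin)) return false;
    if (!this.persisted.has(origin)) this.persisted.set(origin, new Set());
    this.persisted.get(origin).add(kind);
    return true;
  }

  // A persisted entry is honoured only if the origin is strongly
  // authenticated, so an entry written for an http origin (e.g. by an
  // older build) is ignored instead of granting silent device access.
  hasPersistedGrant(origin, kind) {
    if (!isStronglyAuthenticated(origin)) return false;
    const kinds = this.persisted.get(origin);
    return kinds !== undefined && kinds.has(kind);
  }

  // Handle a getUserMedia-style request. promptUser(origin, kind) stands in
  // for the permission UI and returns { allow: boolean, remember: boolean }.
  request(origin, kind, promptUser) {
    if (this.hasPersistedGrant(origin, kind)) return "granted-persisted";
    const { allow, remember } = promptUser(origin, kind);
    if (!allow) return "denied";
    if (remember && this.remember(origin, kind)) return "granted-persisted";
    return "granted-once"; // the most a non-authenticated origin can get
  }
}
```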