W3C home > Mailing lists > Public > public-media-capture@w3.org > April 2014

Re: gUM and persistent permissions

From: Harald Alvestrand <harald@alvestrand.no>
Date: Tue, 29 Apr 2014 09:29:02 +0200
Message-ID: <535F54BE.20300@alvestrand.no>
To: public-media-capture@w3.org
On 04/28/2014 09:00 PM, Martin Thomson wrote:
> On 28 April 2014 11:52, Martin Thomson <martin.thomson@gmail.com> wrote:
>> We talked in the past about forbidding the persistence of permissions
>> for non-secure origins (e.g., http://example.com).
>>
>> I know that we've talked about this on numerous occasions and we seem
>> to have had agreement, but I can't find any record of it in the spec.
> In the interests of forward progress, how about:
>
> User agents MUST NOT rely on persisted permissions for origins that
> are not strongly authenticated, such as "http" origins.  Such origins
> can be trivially spoofed by a network attacker, which could be
> exploited to gain access to media devices.
>
> Throw in there anywhere.  Maybe in with Harald's newly proposed
> security/privacy considerations.
>
Actually it's in an IETF document.

draft-ietf-rtcweb-security-arch-09 section 5.2

    Because HTTP origins cannot be securely established against network
    attackers, implementations MUST NOT allow the setting of permanent
    access permissions for HTTP origins.  Implementations MAY also opt to
    refuse all permissions grants for HTTP origins, but it is RECOMMENDED
    that currently they support one-time camera/microphone access.

Should we repeat the requirement here in the W3C document?

If so, I think it should be in section 10, "Obtaining local multimedia 
content".
There's a "Best Practice 1: Resource reservation" that is relevant, but 
I think we should have a hard requirement in a section that's not 
labelled "Implementation Suggestions", so I suggest we add a new section 
here.

          Harald
Received on Tuesday, 29 April 2014 07:29:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:26 UTC