Re: Discussion on authenticated origins (was Re: CfC: only allow authenticated origins to call getUserMedia)

On Tue, Oct 7, 2014 at 10:50 PM, Stefan HÃ¥kansson LK <
stefan.lk.hakansson@ericsson.com> wrote:

> On 07/10/14 18:10, Eric Rescorla wrote:
> > On Tue, Oct 7, 2014 at 8:59 AM, Justin Uberti <juberti@google.com
> > <mailto:juberti@google.com>> wrote:
> >
> >     I am not OK with this, as described, for three reasons:
> >     1) there is already substantial incentive for apps to use
> >     authenticated origins, e.g. persistent permissions in chrome,
> >     browsers marking https origins favorably
> >
> >
> > Firefox also allows persistent permissions (I believe) FF 33 (due out
> > mid-month),
> > but only for HTTPS.
> >
> >     2) this breaks real, existing applications, e.g.
> http://webcamtoy.com/
> >     3) makes trying/experimenting with webrtc difficult, e.g.
> >     http://jsfiddle.net, or http://localhost
> >
> >     We still want to encourage HTTPS, of course, so I think it would be
> >     fine to have console warnings or similar methods of persuasion.
> >
> >
> > I agree with Justin's position.
> >
> > As Adam mentioned in another thread, it's hard to think of a clearer
> > case of informed
> > user consent, so this doesn't seem like it has special security benefit
> > aside from the
> > benefit of deprecating non-HTTPS everywhere.
>
> It is a very informed user consent, but I worry about http delivered
> sites that are legit, with returning users. Each time they approve the
> use of camera and microphone (because the app needs them for its
> purpose), but the app may be compromised by a MITM that uses the tracks
> generated for bad things in addition to the intended functionality.
>

Yes. I didn't say it was necessarily wise (though in many cases it's
fine). I said it was informed.

-Ekr

Received on Wednesday, 8 October 2014 14:03:15 UTC