W3C home > Mailing lists > Public > public-media-capture@w3.org > October 2014

Re: CfC: only allow authenticated origins to call getUserMedia

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 8 Oct 2014 09:04:27 -0700
Message-ID: <CABcZeBOzyhHMLYtqzKyVbgtF6i7jK2Yq-8+hbV8N_cLnCqVd5w@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Chris Palmer <palmer@google.com>, Justin Uberti <juberti@google.com>, Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On Wed, Oct 8, 2014 at 7:30 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Wed, Oct 8, 2014 at 3:56 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> > It is not generally true that *passive* network attackers will be able to
> > watch or listen to users in real-time, even if gUM is used without an
> > authenticated origin.
> As Chris pointed out earlier, the difference between passive/active is
> (becoming) marginal:
> http://lists.w3.org/Archives/Public/public-media-capture/2014Oct/0071.html

As Adam Roach has observed on a separate thread, this not a position
that has anything like consensus:


In any case, my comments were directed towards having an accurate
threat model, and regardless of the ease of active attack, it is not true
that the risks of gUM are the same for active and passive attackers.
I take it from your message that you agree with this point.


> Given the low cost, the vast amounts of information that could be
> collected in this way (even from normally authenticated but now
> sslstripped spoofed resources), it seems very likely this would be
> pursued.
> --
> https://annevankesteren.nl/
Received on Wednesday, 8 October 2014 16:05:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:30 UTC