W3C home > Mailing lists > Public > public-media-capture@w3.org > October 2014

Re: CfC: only allow authenticated origins to call getUserMedia

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 8 Oct 2014 15:04:43 -0700
Message-ID: <CABcZeBNa666mURnQduBCQmrbb0TKcjtBC38PMgMoO68yKs3ECA@mail.gmail.com>
To: Chris Palmer <palmer@google.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, Justin Uberti <juberti@google.com>, Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On Wed, Oct 8, 2014 at 2:45 PM, Chris Palmer <palmer@google.com> wrote:

> TL;DR: We don't have time, user attention, or space to communicate
> crypto nuance. Therefore we must quantize the security guarantee
> upward.
> Read on, if you care...
> On Wed, Oct 8, 2014 at 9:04 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> > It is not generally true that *passive* network attackers will be able to
> > watch or listen to users in real-time, even if gUM is used without an
> > authenticated origin.
> I think you mean that purely passive attackers cannot always choose
> their target. Obviously you know that they can watch and listen to at
> least some target users' media, unless gUM uses secure transport.

I think perhaps you are misunderstanding the way that gUM works.
gUM just provides the JS with a handle to a media stream. That media
stream is not (by default) sent over the wire, but is just local to the
machine. So, the relevant question is how the Web application handles
that stream. This is explained in detail in the rest of the message you are
quoting here.


Received on Wednesday, 8 October 2014 22:05:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:30 UTC