W3C home > Mailing lists > Public > public-media-capture@w3.org > October 2014

Re: Discussion on authenticated origins (was Re: CfC: only allow authenticated origins to call getUserMedia)

From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
Date: Thu, 9 Oct 2014 11:10:16 +0000
To: Eric Rescorla <ekr@rtfm.com>
CC: Justin Uberti <juberti@google.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <1447FA0C20ED5147A1AA0EF02890A64B1D07D606@ESESSMB209.ericsson.se>
On 08/10/14 16:02, Eric Rescorla wrote:
>     It is a very informed user consent, but I worry about http delivered
>     sites that are legit, with returning users. Each time they approve the
>     use of camera and microphone (because the app needs them for its
>     purpose), but the app may be compromised by a MITM that uses the tracks
>     generated for bad things in addition to the intended functionality.
> Yes. I didn't say it was necessarily wise (though in many cases it's
> fine). I said it was informed.

The question is then if we leave this decision to the end user (this is 
what we have now), or change to stop this in the design (with 
consequences of breaking existing apps etc. as Justin pointed out).

Received on Thursday, 9 October 2014 11:10:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:30 UTC