- From: Shwetank Dixit <shwetankd@opera.com>
- Date: Wed, 10 Sep 2014 19:02:09 +0530
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>, Anne van Kesteren <annevk@annevk.nl>, "public-media-capture@w3.org" <public-media-capture@w3.org>
- Message-ID: <CAERMemfPQvBVo68n99P=O9Fcks-qu4seiGTc9yBDEqCU-cvGbA@mail.gmail.com>
>There seem to be lots of uses of gUM that don't necessarily require crypto any more than (say) file uploads. To add to the point, someone can make an app using gUM without even involving any other part of WebRTC (like peerconnection or datachannels) ... so, a gUM app doesn't always have to be about *communication*. Considering such cases, I think it's fair to allow it to be using http. On Wed, Sep 10, 2014 at 6:47 PM, Eric Rescorla <ekr@rtfm.com> wrote: > > > On Wed, Sep 10, 2014 at 3:20 AM, Stefan Håkansson LK < > stefan.lk.hakansson@ericsson.com> wrote: > >> On 10/09/14 11:29, Anne van Kesteren wrote: >> > On Wed, Sep 10, 2014 at 11:08 AM, Stefan Håkansson LK >> > <stefan.lk.hakansson@ericsson.com> wrote: >> >> It is a long time ago, and I can't recollect all details on why we did >> >> arrive on allowing http sites to access. I think it was a combination >> of >> >> >> >> a) follow the geoLocation example >> >> b) the expressed wish to allow for secure communication when the app is >> >> from untrusted sites (using PeerIdentity) - these perhaps temporary >> >> sites could deliver over http >> > >> > a) set a bad precedent. I don't think we considered the implications >> > at the time. I don't understand how b) is feasible. How can you >> > communicate securely if the piece of software you just got could have >> > been manipulated by a third party? >> >> I think this is outlined in the documents I referred to, and if not >> there are several presentations by Ekr in the IETF folders. Ekr or >> Martin, you might want to step in here. > > > Thanks for raising this, Anne. > > As Stefan says, this was discussed extensively and I believe I even > suggested HTTPS-only on a slide somewhere and there wasn't really > support for it. I believe the discussion happened in a meeting, not > on a list, but it was clear enough that there wouldn't be consensus > to change the default assumption. I don't remember this being > primarily a question of test/demo pages as much as that there are > lots of sites that aren't HTTPS and don't want to go HTTPS. > > There seem to be lots of uses of gUM that don't necessarily require > crypto any more than (say) file uploads. For instance, uploading your > picture to use as your avatar on a site. And since it's forbidden to > have persistent permissions for HTTP, the risk is limited versus > (say) geo. > > The situation is a bit more complicated with PC since we already require > COMSEC. OTOH, the fact that we require DTLS means that even an > HTTP attacker has to be an active attacker. > > -Ekr > > > P.S. I think the question of WebRTC identity is kind of a red herring here. > It's possibly to use Identity + Isolated Streams to build a > system which doesn't require any trust at all in the site, but I would > expect that any site which used these features would be security > conscious and so would run HTTPS in any case. > > -- Shwetank Dixit Web Evangelist, Web Standards Team, Opera Software - www.opera.com
Received on Wednesday, 10 September 2014 13:32:58 UTC