W3C home > Mailing lists > Public > public-media-capture@w3.org > September 2014

Re: getUserMedia() and authenticated origins

From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
Date: Wed, 10 Sep 2014 13:50:14 +0000
To: Eric Rescorla <ekr@rtfm.com>
CC: Anne van Kesteren <annevk@annevk.nl>, "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <1447FA0C20ED5147A1AA0EF02890A64B1D063EA5@ESESSMB209.ericsson.se>
On 10/09/14 15:18, Eric Rescorla wrote:
>

> P.S. I think the question of WebRTC identity is kind of a red herring here.
> It's possibly to use Identity + Isolated Streams to build a
> system which doesn't require any trust at all in the site, but I would
> expect that any site which used these features would be security
> conscious and so would run HTTPS in any case.

I agree, I've always thought that sort of telling users that "use this 
site in spite of not trusting it fully, even allow it to access camera 
and mike since the streams are isolated and PeerIdentity is used" is 
problematic and something we should not encourage.


Received on Wednesday, 10 September 2014 13:50:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:30 UTC