Re: getUserMedia() and authenticated origins from Martin Thomson on 2014-09-10 (public-media-capture@w3.org from September 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 10 Sep 2014 13:19:06 -0700
To: Jim Barnett <1jhbarnett@gmail.com>
Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <CABkgnnUcKeeKVB16Tgm6+tknqSG3c0F0uhgrib_+xS13QoxLYQ@mail.gmail.com>

On 10 September 2014 07:56, Jim Barnett <1jhbarnett@gmail.com> wrote:
> I share ekr's recollection.   This was discussed in a full room at a F2F
> meeting.  The consensus was that  ruling out http altogether was too
> restrictive.

Two other data points:

Restricting to HTTPS doesn't address the concerns that bz raised here:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972#c9

And it's been an express goal to build something where the security of
the origin performing signaling doesn't necessarily rely on any trust
in that site.

Received on Wednesday, 10 September 2014 20:19:34 UTC