Re: revocation requirement (was Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations)

On 10/29/2015 07:38 AM, Nick Doty wrote:
> On Oct 29, 2015, at 3:19 PM, Martin Thomson <martin.thomson@gmail.com
> <mailto:martin.thomson@gmail.com>> wrote:
>>
>> On 29 October 2015 at 15:15, Nick Doty <npdoty@w3.org
>> <mailto:npdoty@w3.org>> wrote:
>>> If, to comply with that, we should add a requirement to
>>> draft-ietf-rtcweb-security-arch for revocation, which it sounds like
>>> implementing browsers already support, just let us know where to
>>> send the
>>> pull request.
>>
>> I think that mediacapture is a more reasonable place to house that
>> sort of requirement.
>
> Currently there is a non-normative suggestion about this in Media
> Capture and Streams section on Privacy and Security Considerations. 
> http://w3c.github.io/mediacapture-main/#privacy-and-security-considerations
>
> Per the comments in PING's earlier message, we believe it would be
> useful to make this a normative requirement.
> https://lists.w3.org/Archives/Public/public-privacy/2015OctDec/0028.html
>
> As a mechanical matter, should we make a pull request to Media Capture
> and Streams? Or if the editors typically resolve these themselves,
> that's great.

We've tried to address the issues we raised as a result of the PING
message (3 of them), but I'm happy to see a pull request with specific
language.

Note that the whole privacy and security considerations section is
marked non-normative; if any MUST-strength language is to be added, it
needs to go in the description of the mechanism it's a MUST for, and be
referenced by the privacy and security considerations.

Received on Tuesday, 17 November 2015 08:42:16 UTC