revocation requirement (was Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations)

On Oct 29, 2015, at 3:04 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> I'm not
> very versed in IETF process and Specification writing. But aren't those
> reflecting the requirements from Stephen during review asking for MUST revoke?
> 
> I don't recall any decision to add normative text for MUST revoke. However,
> despite that, both browsers allow this. If someone wanted to send a PR
> for that text, I would be fine with that.

I believe Rigo is referring to this text in RFC 7478:

   The browser must provide mechanisms for users to revise and even
   completely revoke consent to use device resources such as camera and
   microphone.
http://tools.ietf.org/html/rfc7478#section-4.2 <http://tools.ietf.org/html/rfc7478#section-4.2>

If, to comply with that, we should add a requirement to draft-ietf-rtcweb-security-arch for revocation, which it sounds like implementing browsers already support, just let us know where to send the pull request.

—Nick

Received on Thursday, 29 October 2015 06:15:53 UTC