On Oct 29, 2015, at 3:19 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 29 October 2015 at 15:15, Nick Doty <npdoty@w3.org> wrote: >> If, to comply with that, we should add a requirement to >> draft-ietf-rtcweb-security-arch for revocation, which it sounds like >> implementing browsers already support, just let us know where to send the >> pull request. > > I think that mediacapture is a more reasonable place to house that > sort of requirement. Currently there is a non-normative suggestion about this in Media Capture and Streams section on Privacy and Security Considerations. http://w3c.github.io/mediacapture-main/#privacy-and-security-considerations <http://w3c.github.io/mediacapture-main/#privacy-and-security-considerations> Per the comments in PING's earlier message, we believe it would be useful to make this a normative requirement. https://lists.w3.org/Archives/Public/public-privacy/2015OctDec/0028.html <https://lists.w3.org/Archives/Public/public-privacy/2015OctDec/0028.html> As a mechanical matter, should we make a pull request to Media Capture and Streams? Or if the editors typically resolve these themselves, that's great. > On 29 October 2015 at 15:29, Eric Rescorla <ekr@rtfm.com> wrote: >> I would also be fine with that. Generally, we have been levying security >> requirements in the IETF documents, but I'm certainly happy to do less. >> > I was under the impression that you were doing that within the WebRTC > context only. But there are requirements there as well. I wouldn't > object to a modest amount of duplication for something like this. Yeah, I would typically agree. I can submit a pull request to rtcweb-wg/security-arch as well. This wouldn't apply just to Web browsers. —Nick
Received on Thursday, 29 October 2015 06:39:03 UTC