Fwd: WebRTC Security Assessment from Christine Runnegar on 2014-11-06 (public-privacy@w3.org from October to December 2014)

From: Christine Runnegar <runnegar@isoc.org>
Date: Thu, 6 Nov 2014 01:41:02 +0000
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <254A9C82-715D-45A7-A39C-AD65AF01785A@isoc.org>

Forwarding to this list.

The document also covers privacy considerations.

Begin forwarded message:

> Resent-From: <public-web-security@w3.org>
> From: Rigo Wenning <rigo@w3.org>
> Subject: WebRTC Security Assessment
> Date: 5 November 2014 10:47:02 pm GMT+1
> To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-web-security@w3.org " <public-web-security@w3.org>, <public-webappse@w3.org>
> 
> Hi all, 
> 
> as promised to some of you during TPAC, the STREWS project has published 
> today the WebRTC Security Case Study. It was teamwork from the entire 
> project, but special thanks go to Stephen Farrell for constantly 
> cleaning and improving the document. 
> 
> The Document is published on the STREWS website under "results": 
> 
> http://www.strews.eu/results/91-d12
> 
> For your convenience, here is the abstract: 
> 
> Built-in handling of Real Time Media (audio, video) on the web promises 
> potentially significant change in telephony and in conference calling. 
> The W3C WebRTC and IETF rtcweb working groups are developing the set of 
> specifications that will allow browsers and web sites to support such 
> calling and other functions. This is clearly a potentially security 
> sensitive extension to the web, so STREWS has devoted effort on this 
> topic as a case study to both attempt to improve the overall security of 
> the result and to see if this approach holds promise as a way to improve 
> interactions between researchers and standards makers and hence the 
> overall security of the web. In this deliverable, we show some possibly 
> new issues with WebRTC security discovered by researchers (from SAP) 
> that the standards makers may not have considered. However, while this 
> deliverable is, as a deliverable, final, the work itself goes on, partly 
> involving discussions between the STREWS project and participants in the 
> IETF and W3C so in technical terms this remains a work-in-progress.
> 
> -- 
> Rigo Wenning (@rigow) - W3C Legal counsel

Received on Thursday, 6 November 2014 01:41:34 UTC