W3C home > Mailing lists > Public > public-privacy@w3.org > April to June 2015

Re: Request for feedback: Media Capture and Streams Last Call

From: Greg Norcie <gnorcie@cdt.org>
Date: Thu, 4 Jun 2015 15:53:46 -0400
Message-ID: <CAMJgV7b0mL3k74bxGyxgLzSFtP3fVON5dekE6DuA+CeJ0WJ-Wg@mail.gmail.com>
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Hi all,

Sorry for the late reply.

Overall, this spec looks really good, we at CDT just had a few small
suggestions:

   1. It would be nice if there was a simple, user friendly way to revoke
   consent for a stream (especially audio/webcam streams). As it currently
   stands, once consent is granted there doesn't seem to be simple way to
   revoke it.
   2. In section 10.6, it is stated that persistent permissions must be be
   served over HTTPS and have no mixed content. It would be nice to see the
   "definition" of mixed content expanded to include the various issues
   mentioned in Bonneau's recent paper[1]. For example, if a site elects to
   use pinning, it should be considered to have mixed content if it loads
   non-pinned content.

Also, as an aside, we used the TAG questionnaire, and while it was very
useful, we think it could use some tweaking. And in the spirit of open
source, we'll be proposing some tweaks (probably sometime late next week)

[1] http://www.jbonneau.com/doc/KB15-NDSS-hsts_pinning_survey.pdf
Received on Thursday, 4 June 2015 20:02:09 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 4 June 2015 20:02:10 UTC