-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Double keying would be very useful, and in contexts other than WebRTC also.
I still think even in that case (where the deviceId is unique to the first-party/third-party combination), there should be no leakage until the user has first authorised the origin. And the authorisation should lapse after a reasonable period.
Mike
- -----Original Message-----
From: Georg Koppen [mailto:gk@torproject.org]
Sent: 01 July 2015 22:07
To: Eric Rescorla; Nick Doty
Cc: Mike O'Neill; public-privacy (W3C mailing list); Jan-Ivar Bruaroey
Subject: Re: Request for feedback: Media Capture and Streams Last Call
*** gpg4o | Unknown Signature from EDC67D98A97A53DC 1 10 01 1435784824 9 ***
Eric Rescorla:
> Martin Thomson has suggested using double keying here. Would people
> consider that
> satisfactory?
Yes. I think this is a good idea.
Georg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using gpg4o v3.4.103.5490 - http://www.gpg4o.com/
Charset: utf-8
iQEcBAEBAgAGBQJVlOG+AAoJEHMxUy4uXm2J+iUIAIemGxKZGQdNyCHXTqzAXlaP
7eU0ET/6mHWzL685vzzFP/WK1H6uuO5Iq9tmxCqx9fcQUfjYe0Vjdcruz7hZeEtD
Cbl0YH+ZsIAPvZoDi2XwERobQ0wKbrRJ0ZkUXDkV27lMyMTFzjD4C+D/FnF398KJ
hFM+bH5CAc1+gE5unAfpjvGc8PnbEka3dw236hAvO1xoscpTKQM4pCnuvY5+xQAf
Vve8gHyjpqPU/va93MiHW2NLqnhavU0YwTbnjKaLbYfbITLFS8ioVyFqQwhlam9b
mVmk9xOzCw91W9iIKqA1w+3I0CT6my+A2xZk5NUuuQ3/n2JNRORDK/DDFBXGzJg=
=5Jwf
-----END PGP SIGNATURE-----