Re: revocation requirement (was Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations) from Eric Rescorla on 2015-10-29 (public-privacy@w3.org from October to December 2015)

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 29 Oct 2015 15:29:11 +0900
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Nick Doty <npdoty@w3.org>, Rigo Wenning <rigo@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>, "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <CABcZeBNOXJEA9hQ6dN42dFR7rNBukL8+AyZorYMsVGe+WGLkSA@mail.gmail.com>

I would also be fine with that. Generally, we have been levying security
requirements in the IETF documents, but I'm certainly happy to do less.

-Ekr

On Thu, Oct 29, 2015 at 3:19 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 29 October 2015 at 15:15, Nick Doty <npdoty@w3.org> wrote:
> > If, to comply with that, we should add a requirement to
> > draft-ietf-rtcweb-security-arch for revocation, which it sounds like
> > implementing browsers already support, just let us know where to send the
> > pull request.
>
> I think that mediacapture is a more reasonable place to house that
> sort of requirement.
>

Received on Thursday, 29 October 2015 06:36:54 UTC