W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2015

Re: revocation requirement (was Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations)

From: Harald Alvestrand <harald@alvestrand.no>
Date: Tue, 17 Nov 2015 09:41:37 +0100
To: Nick Doty <npdoty@w3.org>, Martin Thomson <martin.thomson@gmail.com>
Cc: Eric Rescorla <ekr@rtfm.com>, Rigo Wenning <rigo@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>, "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <564AE841.6080208@alvestrand.no>
On 10/29/2015 07:38 AM, Nick Doty wrote:
> On Oct 29, 2015, at 3:19 PM, Martin Thomson <martin.thomson@gmail.com
> <mailto:martin.thomson@gmail.com>> wrote:
>>
>> On 29 October 2015 at 15:15, Nick Doty <npdoty@w3.org
>> <mailto:npdoty@w3.org>> wrote:
>>> If, to comply with that, we should add a requirement to
>>> draft-ietf-rtcweb-security-arch for revocation, which it sounds like
>>> implementing browsers already support, just let us know where to
>>> send the
>>> pull request.
>>
>> I think that mediacapture is a more reasonable place to house that
>> sort of requirement.
>
> Currently there is a non-normative suggestion about this in Media
> Capture and Streams section on Privacy and Security Considerations. 
> http://w3c.github.io/mediacapture-main/#privacy-and-security-considerations
>
> Per the comments in PING's earlier message, we believe it would be
> useful to make this a normative requirement.
> https://lists.w3.org/Archives/Public/public-privacy/2015OctDec/0028.html
>
> As a mechanical matter, should we make a pull request to Media Capture
> and Streams? Or if the editors typically resolve these themselves,
> that's great.

We've tried to address the issues we raised as a result of the PING
message (3 of them), but I'm happy to see a pull request with specific
language.

Note that the whole privacy and security considerations section is
marked non-normative; if any MUST-strength language is to be added, it
needs to go in the description of the mechanism it's a MUST for, and be
referenced by the privacy and security considerations.



Received on Tuesday, 17 November 2015 08:42:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 17 November 2015 08:42:15 UTC