W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

Re: CSP for WebRTC

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 1 Sep 2014 10:55:49 +0200
Message-ID: <CADnb78hcU8H1UDn-+uKdWA+MdHkr2b6O0sthk7kWcfC7EV5-uQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Fri, Aug 29, 2014 at 1:29 AM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> Unlike other sources of script-accessible data, peer-to-peer data is
> not associated with an origin, so I think that the only thing to do is
> to clump all WebRTC data into a single group and identify that group
> with a keyword source.

Could you perhaps explain or provide a pointer that explains the security model?


> Thus, I'd like to suggest a new keyword-source of 'webrtc-data',
> governing the use of WebRTC data channels. That leaves the option to
> block 'webrtc-media' in the future.  Alternatively, or in addition to
> that, a single keyword 'webrtc' might cover both, should that be
> desired.

Should we tie the name to WebRTC or name this p2p/rtc in case other
protocols come along such as ORTC?


-- 
http://annevankesteren.nl/
Received on Monday, 1 September 2014 08:56:17 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC