- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 1 Sep 2014 20:21:12 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WebAppSec WG <public-webappsec@w3.org>
Received on Tuesday, 2 September 2014 03:21:39 UTC
On Sep 1, 2014 1:55 AM, "Anne van Kesteren" <annevk@annevk.nl> wrote: > > On Fri, Aug 29, 2014 at 1:29 AM, Martin Thomson > <martin.thomson@gmail.com> wrote: > > Unlike other sources of script-accessible data, peer-to-peer data is > > not associated with an origin, so I think that the only thing to do is > > to clump all WebRTC data into a single group and identify that group > > with a keyword source. > > Could you perhaps explain or provide a pointer that explains the security model? https://tools.ietf.org/html/draft-rtcweb-security should do it. > > Thus, I'd like to suggest a new keyword-source of 'webrtc-data', > > governing the use of WebRTC data channels. That leaves the option to > > block 'webrtc-media' in the future. Alternatively, or in addition to > > that, a single keyword 'webrtc' might cover both, should that be > > desired. > > Should we tie the name to WebRTC or name this p2p/rtc in case other > protocols come along such as ORTC? ORTC is still going to be WebRTC. It is either 1.1 or 2.0, but the basic name is ok.
Received on Tuesday, 2 September 2014 03:21:39 UTC