Re: WS/Service Workers, TLS and future apps - [was Re: HTTP is just fine] from Florian Bösch on 2015-12-02 (public-webappsec@w3.org from December 2015)

From: Florian Bösch <pyalot@gmail.com>
Date: Wed, 2 Dec 2015 13:18:39 +0100
To: Aymeric Vitte <vitteaymeric@gmail.com>
Cc: Brad Hill <hillbrad@gmail.com>, Richard Barnes <rbarnes@mozilla.com>, "Web Applications Working Group WG (public-webapps@w3.org)" <public-webapps@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAOK8ODhtsE2MJ=baK_sH-ziNvxOXdRryhy2QWUEx_kDk8XdAKg@mail.gmail.com>

On Wed, Dec 2, 2015 at 12:50 PM, Aymeric Vitte <vitteaymeric@gmail.com>
wrote:
>
> Then you should follow your rules and apply this policy to WebRTC, ie
> allow WebRTC to work only with http.
>

Just as a sidenote, WebRTC also does UDP and there's no TLS over UDP. Also
WebRTC does P2P, and there's no certificates/authorities there (you could
encrypt, but I don't think it does even when using TCP/IP (which it doesn't
in case of streaming video over UDP).

Received on Wednesday, 2 December 2015 12:19:08 UTC