W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2016

Review of WebRTC 1.0 from Web Application Security Working Group

From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
Date: Mon, 1 Feb 2016 10:16:02 +0000
To: Brad Hill <hillbrad@fb.com>, "dveditz@mozilla.com" <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <1447FA0C20ED5147A1AA0EF02890A64B3745562E@ESESSMB209.ericsson.se>
Dear Web Application Security Working Group,

The WebRTC Working Group is working toward publishing the WebRTC 1.0 
specification to Candidate Recommendation and is thus seeking wide 
review on the document:

https://www.w3.org/TR/2016/WD-webrtc-20160128/

We are particularly interested on feedback on the following aspects from 
WebAppSec:

- the security considerations (which were updated based on the TAG 
security review questionnaire),
- more specifically, the risks associated with exposing IP addresses as 
part of the establishment of the P2P connection,
- the mechanics of the identity provider described in the identity section,
- the notion of isolated mediastreams and its relationship with other 
isolation mechanisms in the Web platform.

We of course also welcome feedback on any other aspect of the specification..

We would appreciate if that feedback could be provided before the week 
of February 22 where our next meeting in scheduled, and no later than 
March 1st.

If you have any comments, we prefer you submit them as Github issues:
https://github.com/w3c/webrtc-pc/issues
Alternatively, you can send your comments by email to public-webrtc@w3.org.

Thanks,

For the WebRTC co-chairs,
Stefan Håkansson

Received on Monday, 1 February 2016 10:17:38 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC