W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > May 2018

Re: [webrtc-stats] Should WebRTC be [SecureContext]

From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
Date: Thu, 03 May 2018 11:17:13 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-386262184-1525346232-sysbot+gh@w3.org>
@ylafon I don't see how [SecureContext] is relevant for the stats document, simply because of how the rules are distributed between it and the webrtc-pc document - this document has no interfaces.
The webrtc-pc document has normative text for the API calls. The stats section (https://w3c.github.io/webrtc-pc/#sec.stats-model) has a "partial interface RTCPeerConnection".

The discussions when reviewing the webrtc-pc document led to a conclusion that it was compliant for a WebRTC implementation to only expose the interfaces in a secure context, and this is what people implement today - but the agreement was to not mandate it at the time.

I can't find a place where this is stated clearly offhand - most relevant I can find is here: https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-14#section-5.1 - but it doesn't constitute an outright "SecureContext" policy.

I don't think this is an issue for webrtc-pc, for the reasons given in the first para, but it might be reasonable to add it to the list of open issues for webrtc-pc, to be addressed when that spec recycles at CR.

GitHub Notification of comment by alvestrand
Please view or discuss this issue at https://github.com/w3c/webrtc-stats/issues/347#issuecomment-386262184 using your GitHub account
Received on Thursday, 3 May 2018 11:17:17 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:44 UTC