Re: [mediacapture-handle] URL-based Screen Share Restriction? (#73)

> I guess my main concern was that the handle can be spoofed - what's stopping someone from re-setting the capture handle, with some other handle config?

Indeed, you should only trust the handle if you either (1) trust the origin, which is unspoofable, or (2) the handle is unfakeable, e.g. if it's signed somehow.

For (1), it's worth mentioning that only the top-level document may set or edit the handle. So if your concern was that an embedded iframe might have spoofed it - you shouldn't worry about that, at least.

> If not, then this would support our use case, although the only downside then would be browser support - as this seems to only be a Chrome feature.

Increased Web developer demand might help convince additional browsers to support this. (Full disclosure - I work for Google and I designed and implemented the feature in Chrome.)

> We are also considering the steganographic approach - where we ask the captured side to embed a QR code. On the capturing side, we'd process the captured side's mediastream and run it through a video processor in order to decode the QR code. This would give us more browser support - was wondering what your thoughts were on that.

I have also considered this possibility and have [pointed it out](https://github.com/w3c/mediacapture-handle/blob/main/identity/explainer.md#improvements-over-steganography) in the explainer. But Capture Handle has some benefits in that it is:
* Simpler to use
* More reliable (other content would not accidentally draw over the QR code)
* Not spoofable (by cross-origin iframes that might draw QR codes)
* More private (only allowlisted readers can observe the handle, unlike with a QR code)

Given that only the captured page's top-level can **set** the handle, and that you can limit exposure to an allowlist of capturing origins, I think setting the `handle` to the URL and setting `exposeOrigin: true` should work for you much better than steganography. Wdyt?

(That said, longer-term, of course a dedicated mechanism for URL-exposure would be better for you.)

-- 
GitHub Notification of comment by eladalon1983
Please view or discuss this issue at https://github.com/w3c/mediacapture-handle/issues/73#issuecomment-1934744942 using your GitHub account



Received on Thursday, 8 February 2024 18:53:17 UTC
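
The trust rule from the comment above (believe the handle only when the browser-reported origin is trusted), sketched as an added example that is not part of the original comment or the spec's own code. The origins, URL prefixes and function names are constructed assumptions; `setCaptureHandleConfig`, `getCaptureHandle` and the `capturehandlechange` event are the Capture Handle API.

```javascript
// Added example. Origins, prefixes and function names are constructed assumptions.
const CAPTURER_ORIGIN = "https://meet.example";            // capturing app
const TRUSTED_ORIGINS = new Set(["https://docs.example"]); // captured apps we trust
const SHAREABLE_PREFIXES = ["https://docs.example/public/"];

// Captured side. Must run in the top-level document; iframes cannot set the handle.
function publishUrlAsHandle(mediaDevices, pageUrl) {
  mediaDevices.setCaptureHandleConfig({
    handle: pageUrl,
    exposeOrigin: true,
    permittedOrigins: [CAPTURER_ORIGIN], // only this origin can read the handle
  });
}

// Capturing side. The handle is an arbitrary string chosen by the captured page,
// so it is believed only when the browser-reported origin is one we trust.
function checkCapturedTab(captureHandle) {
  const deny = (reason) => ({ allow: false, reason });
  if (!captureHandle || !captureHandle.origin) return deny("no-origin");
  if (!TRUSTED_ORIGINS.has(captureHandle.origin)) return deny("untrusted-origin");
  let url;
  try {
    url = new URL(captureHandle.handle);
  } catch {
    return deny("bad-handle");
  }
  if (url.origin !== captureHandle.origin) return deny("origin-mismatch");
  if (!SHAREABLE_PREFIXES.some((p) => url.href.startsWith(p))) return deny("url-not-allowed");
  return { allow: true, reason: "ok" };
}

// Browser wiring: check at start and again whenever the captured tab's handle changes.
async function startGuardedCapture() {
  const stream = await navigator.mediaDevices.getDisplayMedia({ video: true });
  const [track] = stream.getVideoTracks();
  const enforce = () => {
    const verdict = typeof track.getCaptureHandle === "function"
      ? checkCapturedTab(track.getCaptureHandle())
      : { allow: false, reason: "unsupported" };
    if (!verdict.allow) track.stop();
    return verdict;
  };
  track.addEventListener("capturehandlechange", enforce);
  return { stream, verdict: enforce() };
}
```

The check fails closed: a missing handle, an unsupported browser or an untrusted origin all stop the track rather than letting the capture continue unverified.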