W3C home > Mailing lists > Public > public-webrtc@w3.org > June 2013

Re: Security of cross-origin audio

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 3 Jun 2013 09:14:37 -0700
Message-ID: <CABkgnnWO3_MJssJb5Jx2SEKOf0_0P+nG9bkkFD_J-21h1X1Qhg@mail.gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On 31 May 2013 01:15, Harald Alvestrand <harald@alvestrand.no> wrote:
> When addressing deliberate tampering, I'm not sure the case for audio is all
> that different from the case for video; video is also subject to copying
> through the "analog hole" much bemoaned by Hollywood DRM advocates - or by
> pointing a camera at the screen.

Yes, DRM doesn't work.  I wasn't talking about that.  I was talking
about the user agent protecting their users.

This might just be a restriction on getUserMedia when tainted output
is present.  That is, if I'm having a secured (peerIdentity
constrained) conversation with Stefan, then google.com cannot - at the
same time - sample my microphone and send that audio for "further
processing".  This might be behavior that the site can opt into with a
constraint, or it might be a consequence of choosing to use
peerIdentity/noaccess constraints.

On the converse, it would be nice to know that the audio that I'm
receiving is both a secured stream from Stefan mixed with some audio
that the site has selected or generated.
Received on Monday, 3 June 2013 16:15:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:33 UTC