W3C home > Mailing lists > Public > public-webrtc@w3.org > March 2013

Re: [rtcweb] Notes on security for browser-based screen/application sharing

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 22 Mar 2013 10:10:36 -0700
Message-ID: <CABkgnnUXPqH9JLcH8o-oKdirb6H-iGtKJ752h9jL0+_8usD6ZA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "Cullen Jennings (fluffy)" <fluffy@cisco.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>, "public-webrtc@w3.org" <public-webrtc@w3.org>
The other day Matthew suggested that his best solution for employee
motivation was to release a hungry lion into the office at random
times.  The more I think on the subject, the more this seems that this
is exactly what we are doing.

On 22 March 2013 07:17, Eric Rescorla <ekr@rtfm.com> wrote:
> This doesn't sound very implementable. First, if you're sharing primarily by
> pixel
> capturing out of the window, trying to figure out which pixels represent
> which
> origins is going to be a huge pain for the implementor. Second, many sites
> as a practical matter are composed of content from multiple origins
> (images out of a CDN, domain sharding, etc.) The result of what you propose
> is going to be that such sites will not render properly when shared. I
> suspect that sites will simply ask for "The browser".

The modern web reality is that any one page consists of content from
many different sources, so restricting to one source is impractical.
>From an implementation perspective, it might be possible to restrict
to untainted content (the content that the page origin can access),
but that would probably result in something that is virtually useless.
 Just like that interesting (redacted) document that contains
(redacted).

I suggested to EKR that perhaps we could devise an opt-out for truly
sensitive information using Frame-Options so that sensitive content
could be hidden, but even that seems a little weak.
Received on Friday, 22 March 2013 17:11:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:33 UTC