- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 23 Apr 2014 09:20:33 -0700
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On 23 April 2014 04:53, Harald Alvestrand <harald@alvestrand.no> wrote: > Security considerations Most of these considerations are comm-sec issues that are already handled in various IETF documents. I've no fundamental objection to that, particularly as a set of pointers, but I think that the focus needs to be on the web platform. There are probably a bunch of web platform issues that we need to highlight. One that springs to mind is the range of concerns around user consent or lack thereof. Noting that a data channel can be created to an arbitrary peer without user consent, and why, might go some way to addressing a commonly raised, but invalid concern. Less necessary, but in a similar vein, is discussion of access to processing and bandwidth resources. One such concern here is that this API enables the distribution of media to other entities. The security properties of the web demand that cross origin content be inaccessible to content. Some text on that subject is probably appropriate. (Yes, you can stick me with that last one, but it might take me a little while.)
Received on Wednesday, 23 April 2014 16:21:04 UTC