W3C home > Mailing lists > Public > public-webrtc@w3.org > April 2014

Re: Security considerations - a proposal

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 23 Apr 2014 09:20:33 -0700
Message-ID: <CABkgnnU=GRCcSzvz9+o+myFex8OHZrjaZ5v=+Tfse2cJbooQ8g@mail.gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On 23 April 2014 04:53, Harald Alvestrand <harald@alvestrand.no> wrote:
> Security considerations

Most of these considerations are comm-sec issues that are already
handled in various IETF documents.

I've no fundamental objection to that, particularly as a set of
pointers, but I think that the focus needs to be on the web platform.
There are probably a bunch of web platform issues that we need to
highlight.  One that springs to mind is the range of concerns around
user consent or lack thereof.  Noting that a data channel can be
created to an arbitrary peer without user consent, and why, might go
some way to addressing a commonly raised, but invalid concern.  Less
necessary, but in a similar vein, is discussion of access to
processing and bandwidth resources.

One such concern here is that this API enables the distribution of
media to other entities.  The security properties of the web demand
that cross origin content be inaccessible to content.  Some text on
that subject is probably appropriate.  (Yes, you can stick me with
that last one, but it might take me a little while.)
Received on Wednesday, 23 April 2014 16:21:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:38 UTC