Re: What is missing for building "real" services?

On Thu, Jan 9, 2014 at 12:49 AM, Eric Rescorla <ekr@rtfm.com> wrote:

> I'm not sure what you're arguing here. Nobody says it's not
> a useful feature, but that doesn't make the security problems
> vanish. Similarly, nobody is saying that the browsers won't
> support this feature but I don't believe we're ready to offer
> it with the same low level of informed consent that is used
> for camera and microphone. Perhaps Justin will correct me
> if Chrome has different plans.../
>

I also do believe that screen sharing  which does not require plugin
install is required for real applications. As far as security is concerned,
I always thought that the best you can do with screen sharing in the
browser is to make the user explicitly pick what is shared every time
screen sharing is started and show some sort of indication around the
window when screen sharing is running. To start with I would even be fine
with one window at a time sharing (ie no desktop or monitor level sharing).

The problem I always had with plugins was, on one hand, that in enterprise
environment users will never install them unless they get approval from the
IT department, which practically means never for users in large companies
and products from smaller companies. On the other hand, if application
provided via a plugin is allowed to share screen without user consent, and
if this application provides any sort of API to integrate with other sites,
attacker site can use this API to look at user screen via a third party
app. In other words, if Big Screen Sharing Company has a plugin installed
in a lot of user computers, and if Big Screen Sharing Company provides an
API for their conferencing client to be embedded in other sites via iframe,
attacker can embed the screen sharing client and start spying on the user
unless there is a clear confirmation screen is presented to the user each
time screen sharing is started.
_____________
Roman Shpount