W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2014

Re: [SPAM] Re: What is missing for building "real" services?

From: Roman Shpount <roman@telurix.com>
Date: Wed, 15 Jan 2014 18:13:53 -0500
Message-ID: <CAD5OKxtLOiwCZLq3-z9_qyGLe6DML07vB6cHTipHtmDqKXF0Eg@mail.gmail.com>
To: Justin Uberti <juberti@google.com>
Cc: Tim Panton new <thp@westhawk.co.uk>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Jan-Ivar Bruaroey <jib@mozilla.com>, public-webrtc <public-webrtc@w3.org>, Alexandre Gouaillard <agouaillard@gmail.com>, Randell Jesup <randell-ietf@jesup.org>
What happens when enterprise policy will prohibit the user from installing
extensions? At this point I see requirement to install extensions for
screen sharing only as a mechanism to penalize small new providers vs large
providers. For the large established providers extensions would be much
more likely to be pre-installed/approved by the enterprise IT team. It is
much less likely to happen for smaller new services.

I have mentioned earlier that extension mechanism serves no purpose at all
as far as security is concerned. The risk that attacker can share users
browser via a rouge WebEx ot GoToMeeting session is no different then the
risk that he can share users browser via a custom session he have created.
_____________
Roman Shpount


On Wed, Jan 15, 2014 at 5:34 PM, Justin Uberti <juberti@google.com> wrote:

> Blocking HTTPS makes it impossible to share a Google Docs doc or
> presentation
>
> Look, this is a hard problem, and we've come to a point where use of the
> screensharing feature in Chrome requires jumping through a hoop (i.e.
> installing an extension), but not a ridiculously difficult one. I suspect
> that web applications will find fairly elegant ways to incorporate this
> into their flow.
>
>
> On Mon, Jan 13, 2014 at 6:13 AM, Tim Panton new <thp@westhawk.co.uk>wrote:
>
>>
>> On 13 Jan 2014, at 00:40, Silvia Pfeiffer <silviapfeiffer1@gmail.com>
>> wrote:
>>
>>
>> A whitelist of bank sites?
>>
>>
>> Wouldn't bank sites always need to be "blacklisted" (i.e.: don't show
>> their content)?
>>
>>
>>  Strikes me that a good short term default would be that https:// sites
>> default
>> to not supporting screenshot. http:// sites allow it, as do any that
>> have the
>> meta-screenshot tag set.
>>
>> I realize that as more sites adopt https:// only practices this default
>> will dwindle in usefulness.
>>
>> T.
>>
>
>
Received on Wednesday, 15 January 2014 23:14:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:37 UTC