- From: Randell Jesup <randell-ietf@jesup.org>
- Date: Thu, 13 Nov 2014 13:03:58 -0500
- To: public-webrtc@w3.org
On 11/6/2014 9:41 AM, Dominique Hazael-Massieux wrote: > Hi, > > The STREWS project, who co-organized the W3C/IAB workshop on Strengthening > the Internet Against Pervasive Monitoring (STRINT) back in February, has > just released their security assessment of WebRTC, from both a protocol > and API perspective: > http://www.strews.eu/images/webrtc.pdf (edited by Stephen Farrell) > > I haven't read it yet, but thought I would share it here in case it brings > useful input to the security considerations for the spec. I'll note that the authors have published some initial errata already: http://www.strews.eu/results/91-d12 In addition to the "we used Fx 28" to test (and mis-characterized how 28 works as well, especially how permissions apply), I have many more issues with various bits of the paper, but I'll hold them for now - I think there's active discussion on other mailing lists and between various people and the authors. There certainly is useful information and analysis there as well. -- Randell Jesup -- rjesup a t mozilla d o t com
Received on Thursday, 13 November 2014 18:04:56 UTC