W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2014

Re: WebRTC Security Assessment

From: Randell Jesup <randell-ietf@jesup.org>
Date: Thu, 13 Nov 2014 13:03:58 -0500
Message-ID: <5464F28E.3090207@jesup.org>
To: public-webrtc@w3.org
On 11/6/2014 9:41 AM, Dominique Hazael-Massieux wrote:
> Hi,
> The STREWS project, who co-organized the W3C/IAB workshop on Strengthening
> the Internet Against Pervasive Monitoring (STRINT) back in February, has
> just released their security assessment of WebRTC, from both a protocol
> and API perspective:
> http://www.strews.eu/images/webrtc.pdf (edited by Stephen Farrell)
> I haven't read it yet, but thought I would share it here in case it brings
> useful input to the security considerations for the spec.

I'll note that the authors have published some initial errata already:

In addition to the "we used Fx 28" to test (and mis-characterized how 28 
works as well, especially how permissions apply), I have many more  
issues with various bits of the paper, but I'll hold them for now - I 
think there's active discussion on other mailing lists and between 
various people and the authors.  There certainly is useful information 
and analysis there as well.

Randell Jesup -- rjesup a t mozilla d o t com
Received on Thursday, 13 November 2014 18:04:56 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:42 UTC