- From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Date: Mon, 12 Jan 2015 14:10:46 +0000
- To: "public-webrtc@w3.org" <public-webrtc@w3.org>
Since Martin presented the idea, and design of APIs, of key handling in WebRTC [1], and especially after a PR [2] was issued, there has been quite some discussion on whether re-using Web Crypto API(s) for WebRTC key handling is good idea or not. The chairs think we should take a step back and first determine the use cases and requirements followed by designing an API. In a second phase we can discuss (probably jointly with the Web Cryptography WG) what re-use of other APIs that makes sense. Our understanding is that we have two main use cases to support (from [3]), namely (Per Origin): #1. Anonymous calling: the correspondent doesn't care who the other side is, so no identification is needed. #2. Identified calling: there's some chain of evidence linking the crypto keys used for the call to some mutually-known identity (probably via an identity provider). Tim followed up on #2 with some more details in [4]. When it comes to requirements two sets have been proposed. One by Ryan in [5] and one by Richard in [6]. To move forward we'd like to see volunteer(s) to drive the discussion on use cases, requirements and API design. Anyone willing and having cycles (Martin?)? Harald and Stefan [1] https://www.w3.org/2011/04/webrtc/wiki/images/f/f3/Keys.pdf [2] https://github.com/w3c/webrtc-pc/pull/28 [3] http://lists.w3.org/Archives/Public/public-webrtc/2015Jan/0016.html [4] http://lists.w3.org/Archives/Public/public-webrtc/2015Jan/0017.html [5] http://lists.w3.org/Archives/Public/public-webrtc/2014Dec/0094.html [6] http://lists.w3.org/Archives/Public/public-webrtc/2014Dec/0095.html
Received on Monday, 12 January 2015 14:11:16 UTC