- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 12 Jan 2015 15:53:01 -0800
- To: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>

On 12 January 2015 at 06:10, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com> wrote:
> #1. Anonymous calling: the correspondent doesn't care who the other side
> is, so no identification is needed.
> #2. Identified calling: there's some chain of evidence linking the
> crypto keys used for the call to some mutually-known identity (probably
> via an identity provider).

This is separate to, and separable from, the identity work. It's mostly useful in the absence of identity, though it can have some limited application when identity is involved.

With Tim's example, key continuity provides pseudonymous identification of a peer. However useful this is in some cases, linkability of this sort is a real liability when it comes to anonymous calling. Thus the proposal, which is to have every PeerConnection instance use new credentials unless an application overrides that.

That partly assumes we can agree to mandate ECDSA rather than RSA due to the cost of RSA key generation on limited clients. I think that Justin currently has the token on that part of the issue.

I don't think that there is any more to it than that. Richard and Ryan seem to be arguing more over the interpretation of this basic requirement. I don't see any evidence of a lack of understanding there, more a disagreement over how to interpret and address it.

My suggestion is that you tell the interested parties to sort it out between themselves and come back with a recommendation to the group. I'm happy to translate any conclusion they make into a pull request.

Received on Monday, 12 January 2015 23:53:28 UTC