W3C home > Mailing lists > Public > public-webrtc@w3.org > March 2017

Re: Identity mechanism at risk?

From: T H Panton <thp@westhawk.co.uk>
Date: Fri, 17 Mar 2017 15:53:34 +0000
Cc: Cullen Jennings <fluffy@iii.ca>, Dominique Hazaƫl-Massieux <dom@w3.org>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-Id: <AA6B7ADC-F1C3-4CE7-8857-694F7354D23B@westhawk.co.uk>
To: Adam Roach <adam@nostrum.com>

> On 17 Mar 2017, at 15:35, Adam Roach <adam@nostrum.com> wrote:
> 
> On 3/17/17 10:20, T H Panton wrote:
>> (happy to take this off list if it helps).
> 
> What would help is recognizing that "it's actually okay in the rare case when one of the parties is *also* the service provider" does little to address the vastly-more-popular case that the service provider is *not* a party to the conversation.

True. Banks are an edge case (but actually an important one).

What about the very common case where the service provider is also the identity provider for both parties - (I'm thinking of social networks etc)?
In your threat model we have to trust them to supply identity validating javascript
on one side of the barrier, but we don't trust them to check DTLS fingerprints on the other? 

Note, I'm not arguing that we don't need the identity provider mechanism - I am arguing that there are many situations where webRTC is
useably secure without it. (conditional on you placing some trust somewhere beyond the browser maker).

T.
Received on Friday, 17 March 2017 15:54:11 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:50 UTC