- From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
- Date: Fri, 12 Jan 2018 13:44:52 +0100
- To: Iñaki Baz Castillo <ibc@aliax.net>
- Cc: T H Panton <thp@westhawk.co.uk>, "public-webrtc@w3.org" <public-webrtc@w3.org>, Cullen Jennings <fluffy@iii.ca>
On 12/01/2018 13:27, Iñaki Baz Castillo wrote:
> And as I already pointed out, my proposal above was just intended to
> make both, Full ICE and ICE Lite, equally safe. :)
>
> Leaking data via TURN credentials is a different subject (not less important).

Ok, I agree with that, but as Tim said this will require changes on IETF STUN.

Before going that route, it would be worth thinking about whether it makes sense at all to enable P2P communications (ice-lite or ice, dc or media) at all on a web page that has restricted the data origins/dests via CSP.

A rule to disable WebRTC if CSP is enabled would be enough for 99% of cases and trivial to implement as phase 0.

Best regards
Sergio
Received on Friday, 12 January 2018 12:45:13 UTC