Re: webRTC and Content Security Policy connect-src

On 12 January 2018 at 13:56, T H Panton <thp@westhawk.co.uk> wrote:
>> On 12/01/2018 13:27, Iñaki Baz Castillo wrote:
>>> And as I already pointed out, my proposal above was just intended to
>>> make both, Full ICE and ICE Lite, equally safe. :)
>>>
>>> Leaking data via TURN credentials is a different subject (not less important).
>>
>> Ok, I agree with that, but as Tim said this will require changes on IETF stun.
>
> On reflection I think we should do both, lets make a sensible mention of webRTC in the CSP on the w3c side
> and make these ICE changes on the IETF side.

Agreed. ICE stuff should be fixed in IETF.

-- 
Iñaki Baz Castillo
<ibc@aliax.net>

Received on Friday, 12 January 2018 13:00:10 UTC