W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2018

Re: webRTC and Content Security Policy connect-src

From: Iñaki Baz Castillo <ibc@aliax.net>
Date: Fri, 12 Jan 2018 13:59:21 +0100
Message-ID: <CALiegfkxVj389p5pMdLawDk+OuMyM5kzOK7BBzwTku3cgpt5Sg@mail.gmail.com>
To: T H Panton <thp@westhawk.co.uk>
Cc: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>, Cullen Jennings <fluffy@iii.ca>
On 12 January 2018 at 13:56, T H Panton <thp@westhawk.co.uk> wrote:
>> On 12/01/2018 13:27, Iñaki Baz Castillo wrote:
>>> And as I already pointed out, my proposal above was just intended to
>>> make both, Full ICE and ICE Lite, equally safe. :)
>>> Leaking data via TURN credentials is a different subject (not less important).
>> Ok, I agree with that, but as Tim said this will require changes on IETF stun.
> On reflection I think we should do both, lets make a sensible mention of webRTC in the CSP on the w3c side
> and make these ICE changes on the IETF side.

Agreed. ICE stuff should be fixed in IETF.

Iñaki Baz Castillo
Received on Friday, 12 January 2018 13:00:10 UTC

This archive was generated by hypermail 2.3.1 : Friday, 12 January 2018 13:00:11 UTC