W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2018

Re: webRTC and Content Security Policy connect-src

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 17 Jan 2018 11:29:15 +1100
Message-ID: <CABkgnnUy3RWGM=gBOo=s6yAyVDewb55DJ01Tpa5Qq9A01zKQ+Q@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Roman Shpount <roman@telurix.com>, Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>, Harald Alvestrand <harald@alvestrand.no>, "public-webrtc@w3.org" <public-webrtc@w3.org>
On Wed, Jan 17, 2018 at 11:14 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
> Can we ensure that any such big switch or granular control
> does not in practice create a major bias towards requiring
> involvement from some major web property before a random
> web site can deploy WebRTC with CSP?

Yeah, I'll confess that this is part of why I have reservations about
these switches.  It encourages a deployment model that centralizes
communications in ways that advantage larger providers.

Pure peer-to-peer is much harder to get working if you have to
authorize every IP address.  The inherent difficulty of implementing
Roman's suggestion to authenticate candidates should make that
obvious.
Received on Wednesday, 17 January 2018 00:29:43 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 17 January 2018 00:29:45 UTC