W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2018

Re: What would you like to see in WebRTC next? A low-level API?

From: Harald Alvestrand <harald@alvestrand.no>
Date: Sun, 28 Jan 2018 18:05:20 +0100
To: public-webrtc@w3.org
Message-ID: <2b6c4982-f6cf-a623-027c-59765aac2b65@alvestrand.no>
Den 26. jan. 2018 19:29, skrev Cullen Jennings (fluffy):
> 
> 
>> On Jan 25, 2018, at 5:45 AM, Emil Ivov <emcho@jitsi.org
>> <mailto:emcho@jitsi.org>> wrote:
>>
>>
>> A way to set e2e encryption keys (for something like SRTP double)
>> would be great!
>>
>> Obviously doing that from the regular API wouldn’t make much sense,
>> but giving that option to browser extensions would be nice!
>>
> 
> Let me generalize this a bit … I think the WG thinking about what APIs
> it might have for browser extensions as well as what API for JavaScript
> would be a good thing. This keying is one, codecs is another, and
> handling the policy around what IP addresses get disclosed is another. 
> 
> 

Remember that exposing the session keys to Javascript means that anyone
who can get to your Javascript context can decrypt your communications,
and that anyone who's able to get or set your public/private keypair can
impersonate you in a man-in-the-middle attack.

Of course anyone who can get at your raw communication can get at your
communication anyway, so this might not seem like a big deal. But think
through the security model before you ask to set keys.
Received on Sunday, 28 January 2018 17:06:39 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 28 January 2018 17:06:41 UTC