- From: Bernard Aboba <Bernard.Aboba@microsoft.com>
- Date: Fri, 15 Jun 2018 05:37:44 +0000
- To: youenn fablet <yfablet@apple.com>
- CC: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Youenn said: "The dual encryption use case is also interesting to study." [BA] It appears that there may be multiple of these, with different security requirements. One of them is the "secure conferencing" use case. In this use case, the goal is to have end-to-end payload encryption, where the service itself is untrusted and must not have access to unprotected media (raw or encoded). As a result in such a use case JS access to raw or encoded cleartext frames is an anti-requirement - this must be prevented to implement the use case properly. The other use case relates to entertainment - namely content protection. In that use case, the service is trusted, but the goal is to disable aspects of browser functionality such as media recorder. So performance is not the only issue here - we need to understand exactly what use case we are attempting to implement and what the resulting security requirements are. Yoenn also said: "As of the streaming of media content, I agree there might be some convergence, especially with live content. That said, access to raw decodable content/raw decoded frames goes against EME-based solutions." [BA] Indeed. That is why it is critical that we are clear on the use case and *all* of the requirements necessary to make them work.
Received on Friday, 15 June 2018 05:38:19 UTC