W3C home > Mailing lists > Public > public-webrtc@w3.org > June 2018

Re: To Stream or not to Stream (payload encryption use cases)

From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Date: Fri, 15 Jun 2018 10:00:11 +0200
To: Bernard Aboba <Bernard.Aboba@microsoft.com>, youenn fablet <yfablet@apple.com>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <714f9325-9616-c98c-da18-bfc98f9cb22a@gmail.com>
On 15/06/2018 7:37, Bernard Aboba wrote:
> Youenn said:
>
> "The dual encryption use case is also interesting to study."
>
> [BA] It appears that there may be multiple of these, with different security requirements.
>
> One of them is the "secure conferencing" use case.
>
> In this use case, the goal is to have end-to-end payload encryption, where the service itself is untrusted and must not have access to unprotected media (raw or encoded).
>
> As a result in such a use case JS access to raw or encoded cleartext frames is an anti-requirement - this must be prevented to implement the use case properly.

I think that it makes sense to integrate e2e media encryption with 
identity somehow. Meaning that the app is not in control of the e2e 
authentication, but a trusted party is (like the identity provider).

In this case, either if the full encryption is done in js/wasm or if we 
implement the mechanism inside the browser and the key setting is done 
in js, this should be executed on an isolated js environment on the 
domain of the trusted party (as the identity assertion). If e2eme is 
used, then the streams should be in isolated mode and the js would not 
be allowed to perform any raw media access/processing on them.

Best regards

Sergio
Received on Friday, 15 June 2018 07:59:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:42 UTC