- From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
- Date: Fri, 15 Jun 2018 10:00:11 +0200
- To: Bernard Aboba <Bernard.Aboba@microsoft.com>, youenn fablet <yfablet@apple.com>
- Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On 15/06/2018 7:37, Bernard Aboba wrote:
> Youenn said:
>
> "The dual encryption use case is also interesting to study."
>
> [BA] It appears that there may be multiple of these, with different security requirements.
>
> One of them is the "secure conferencing" use case.
>
> In this use case, the goal is to have end-to-end payload encryption, where the service itself is untrusted and must not have access to unprotected media (raw or encoded).
>
> As a result in such a use case JS access to raw or encoded cleartext frames is an anti-requirement - this must be prevented to implement the use case properly.

I think that it makes sense to integrate e2e media encryption with identity somehow. Meaning that the app is not in control of the e2e authentication, but a trusted party is (like the identity provider).

In this case, whether the full encryption is done in js/wasm or we implement the mechanism inside the browser and the key setting is done in js, this should be executed in an isolated js environment on the domain of the trusted party (as the identity assertion).

If e2eme is used, then the streams should be in isolated mode and the js would not be allowed to perform any raw media access/processing on them.

Best regards
Sergio
Received on Friday, 15 June 2018 07:59:33 UTC