On 25/11/2018 21:22, Eric Rescorla wrote: > > Rigth, but tunneling is the only mechanism specified in PERC, so I > assume that is the keying mechanism proposed when speaking about > accepting PERC in webrtc., I would not have any issue (in regards > of the > keying part) with setting the keys in js either on the app (for > trusted > app models) or in the identity server (for untrusted app model). > > > The problem with this, as Martin indicates, is that this goes directly > against the security architecture we have otherwise been using for > WebRTC, which involves not having encryption keys handled by the JS or > carried directly over the signaling channel. We are adding a new layer on top of current security architecture, so I fail to see how it invalidates it. As I would fail to see how allowing the js app to encrypt a websocket message would invalidate secure websockets security architecture. You may consider it insufficient, but that is a different topic. Best regards SergioReceived on Sunday, 25 November 2018 20:46:16 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:45 UTC