- From: Lennart Grahl <lennart.grahl@gmail.com>
- Date: Wed, 16 Jun 2021 16:08:56 +0200
- To: Elad Alon <eladalon@google.com>
- Cc: Harald Alvestrand <harald@alvestrand.no>, Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, Youenn Fablet <youenn@apple.com>, Jan-Ivar Bruaroey <jib@mozilla.com>, WebRTC WG <public-webrtc@w3.org>, T H Panton <tim@pi.pe>
On 16/06/2021 15:15, Elad Alon wrote: > By your own admission, *the same lock-out is possible* with a > MessageChannel, so all previous arguments in that vein are equally > valid/invalid here. A rose by any other name... > > What do we gain then? Can we discover self-capture more easily? No, > it becomes a bit more involved. Can we establish an arbitrary channel > of communication more easily? No, we're kind of pushed down the path > of the MessageChannel. (Granted - we can still change lanes. Note > "more easily.") > > What do we lose? The capturer can no longer get information about the > captured application without alerting the captured application to the > existence of a capture. A real shame to lose this property. IIRC > Mozilla was concerned that captured applications could "paywall" and > start censoring themselves when captured. I share that concern. > > Btw, I'd like to remind you of the presence of "*" (the wildcard > character) as a valid value of *permittedOrigins*. Browsers are not > in the business of forcing collaboration, we're in the business of > enabling it between consenting participants. The more I think about it, I think your points are fair. *handle* being a string is indeed simpler and potentially more flexible. I'm not sold on the extra iframe-hop but at that point we're in bikeshedding territory, so it's not that much of a concern. I share the concerns of *permittedOrigins* raised by others that it is an easy lockout mechanism but your point is valid that a lockout is possible anyways and the origin concept is well-known and understood. Regards Lennart
Received on Wednesday, 16 June 2021 14:10:29 UTC