Re: Request for a TAG review of the Presentation API

On Wed, Jul 1, 2015 at 3:53 PM, Francois Daoust <> wrote:
> Even if the specification ends up mandating support for specific discovery
> and communication protocols, it would still make sense to allow user agents
> to support additional ones. How can we formulate security requirements for
> such cases?

I don't think we need to consider the security requirements of
proprietary systems. It would be better use of our time to make sure
the protocol is open.

> Indeed. Isn't it possible in the WebRTC/RTCWeb world to establish an
> encrypted data channel between two such peers without authentication?

There's no meaningful encryption without authentication.

> This would not work for games and that has indeed been raised in the past
> (for reference, see similar discussion from last year, which includes points
> about UX for games but also in other situations on the mailing-list of the
> Second Screen CG that gave birth to the WG at [1]). However, current
> implementers, Google and Mozilla in particular, will load presentations in
> private mode browsing.

Well yes, I know about our current plans, but it seems very
problematic that we have no idea how to address it. And it seems
likely that anything we want to do here affects the API in some way.

> [1]


Received on Wednesday, 1 July 2015 14:09:44 UTC