- From: Greg Norcie <gnorcie@cdt.org>
- Date: Thu, 25 Jun 2015 12:13:06 -0400
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CAMJgV7bEG-W+EuFcGuUOra-utMAsdQT6uJuDhcJnjpfVs1RkdA@mail.gmail.com>
---------- Forwarded message ----------
From: Greg Norcie <gnorcie@cdt.org>
Date: Thu, Jun 4, 2015 at 3:53 PM
Subject: Re: Request for feedback: Media Capture and Streams Last Call
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>

Hi all,

Sorry for the late reply.

Overall, this spec looks really good; we at CDT just had a few small suggestions:

1. It would be nice if there was a simple, user-friendly way to revoke consent for a stream (especially audio/webcam streams). As it currently stands, once consent is granted there doesn't seem to be a simple way to revoke it.

2. In section 10.6, it is stated that persistent permissions must be served over HTTPS and have no mixed content. It would be nice to see the "definition" of mixed content expanded to include the various issues mentioned in Bonneau's recent paper[1]. For example, if a site elects to use pinning, it should be considered to have mixed content if it loads non-pinned content.

Also, as an aside, we used the TAG questionnaire, and while it was very useful, we think it could use some tweaking. And in the spirit of open source, we'll be proposing some tweaks (probably sometime late next week).

[1] http://www.jbonneau.com/doc/KB15-NDSS-hsts_pinning_survey.pdf

--
/***********************************/
Greg Norcie (norcie@cdt.org)
Staff Technologist
Center for Democracy & Technology
1634 Eye St NW Suite 1100
Washington DC 20006
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt
Fingerprint: 73DF-6710-520F-83FE-03B5 8407-2D0E-ABC3-E1AE-21F1
/***********************************/

Received on Thursday, 25 June 2015 16:13:38 UTC