IETF Logo Mail Archive

Re: [rtcweb] The MTI Codec Questions (what to ask and how to ask them)

Randell Jesup <randell-ietf@jesup.org> Wed, 12 November 2014 02:11 UTC

Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E11E71A88C7 for <rtcweb@ietfa.amsl.com>; Tue, 11 Nov 2014 18:11:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HaQF9QcffU5u for <rtcweb@ietfa.amsl.com>; Tue, 11 Nov 2014 18:11:44 -0800 (PST)
Received: from relay.mailchannels.net (si-002-i39.relay.mailchannels.net [184.154.112.204]) by ietfa.amsl.com (Postfix) with ESMTP id 69C001A882E for <rtcweb@ietf.org>; Tue, 11 Nov 2014 18:11:42 -0800 (PST)
X-Sender-Id: wwwh|x-authuser|randell@jesup.org
Received: from r2-chicago.webserversystems.com (ip-10-204-4-183.us-west-2.compute.internal [10.204.4.183]) by relay.mailchannels.net (Postfix) with ESMTPA id 14A95AD9C1 for <rtcweb@ietf.org>; Wed, 12 Nov 2014 02:11:39 +0000 (UTC)
X-Sender-Id: wwwh|x-authuser|randell@jesup.org
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [10.245.44.250]) (using TLSv1 with cipher DHE-RSA-AES256-SHA) by 0.0.0.0:2500 (trex/5.3.3); Wed, 12 Nov 2014 02:11:40 GMT
X-MC-Relay: Neutral
X-MailChannels-SenderId: wwwh|x-authuser|randell@jesup.org
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1415758300287:2348371723
X-MC-Ingress-Time: 1415758300287
Received: from pool-71-175-4-200.phlapa.fios.verizon.net ([71.175.4.200]:54000 helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from <randell-ietf@jesup.org>) id 1XoNPG-00092v-UK for rtcweb@ietf.org; Tue, 11 Nov 2014 20:11:38 -0600
Message-ID: <5462C1BB.7050209@jesup.org>
Date: Tue, 11 Nov 2014 21:11:07 -0500
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <98200BCB-ABC9-4BE0-B11D-B7AEC9F8B2A4@ieca.com> <7594FB04B1934943A5C02806D1A2204B1D4E50D8@ESESSMB209.ericsson.se> <E78E8017-A08F-4061-B2BA-FB3900B1C681@phonefromhere.com> <CAGTXFp-9AtQakpLt+O_eNRNr71uyh26igLb-_56LDUTQ+g5iJg@mail.gmail.com> <545A6281.4050601@gmail.com> <EC89515C-4FD9-4C08-A80A-42B36004A516@phonefromhere.com> <545A7E0B.4070505@gmail.com> <C17546AB-1419-49C2-A634-49296C122347@phonefromhere.com>
In-Reply-To: <C17546AB-1419-49C2-A634-49296C122347@phonefromhere.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
X-AuthUser: randell@jesup.org
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/4Z1JITQquOtHcpJmMLVKhyls54I
Subject: Re: [rtcweb] The MTI Codec Questions (what to ask and how to ask them)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Nov 2014 02:11:49 -0000

On 11/5/2014 5:39 PM, tim panton wrote:
>
> Agreed, the worst aspect of any adoption of H264 is that it makes it 
> significantly more difficult to
> produce a custom ’secure’ build of firefox that has been independently 
> reviewed for special use-cases
> (press, humanitarian workers etc). I suspect those users might be 
> prepared to forego the ‘w3c webRTC compliant’
> logo in exchange for increased security.

I'll note that we're running openH264 inside a pretty strong sandbox for 
security reasons, so really one should be vetting the sandbox and 
assuming the code inside is compromised. The sandbox exposes a lot less 
than an NPAPI plugin exposes, for example. Perhaps this helps for your case.

-- 
Randell Jesup -- rjesup a t mozilla d o t com

v2.23.0 | Report a Bug | By Email