Re: [rtcweb] Let's define the purpose of WebRTC

["Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>]

|That opens up for downgrade attacks and put a lot 
|of trust on the web browser UI to show what happens
|and on the users to understand what the web browser 
|UA is trying to tell them.

It isn't an attack per se (since a malicious JS no control over it), rather a choice we would have to make whether or not to allow insecure calling to non-WebRTC clients. Yes, it adds some burden on the UI, but could be as simple as a red cross you see on https URL when the browser detects either high-risk insecure content on the page or problems with the site's certificate.

Muthu

|-----Original Message-----
|From: Olle E. Johansson [mailto:oej@edvina.net]
|Sent: Wednesday, November 09, 2011 4:54 PM
|To: Muthu Arul Mozhi Perumal (mperumal)
|Cc: Iñaki Baz Castillo; Avasarala, Ranjit; Ravindran Parthasarathi; Cullen Jennings (fluffy);
|rtcweb@ietf.org
|Subject: Re: [rtcweb] Let's define the purpose of WebRTC
|
|
|9 nov 2011 kl. 11:57 skrev Muthu Arul Mozhi Perumal (mperumal):
|
|> |The "application" is untrusted by nature, and we don't want
|> |to make the end-user to decide whether to trust it or not.
|> |Explained many times in this maillist.
|>
|> I am thinking we could burn SRTP into the browser such that the decision of whether or not to use
|SRTP vests solely with the browser. If a WebRTC browser is exchanging media with another WebRTC
|browser they always do SRTP/SRTCP. If either side isn't WebRTC compliant they end up with RTP/RTCP.
|This way we don't need to trust the JS, instead trust only the browser. We can also interoperate with
|legacy devices without taxing them.
|
|That opens up for downgrade attacks and put a lot of trust on the web browser UI to show what happens
|and on the users to understand what the web browser UA is trying to tell them.
|
|/O