IETF Logo Mail Archive

Re: [rtcweb] Question on sec architecture proposal

Eric Rescorla <ekr@rtfm.com> Tue, 10 January 2012 18:17 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57CF221F87FC for <rtcweb@ietfa.amsl.com>; Tue, 10 Jan 2012 10:17:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.617
X-Spam-Level:
X-Spam-Status: No, score=-102.617 tagged_above=-999 required=5 tests=[AWL=0.360, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q7RxhZYZ4uHD for <rtcweb@ietfa.amsl.com>; Tue, 10 Jan 2012 10:17:47 -0800 (PST)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id ACADE21F87CF for <rtcweb@ietf.org>; Tue, 10 Jan 2012 10:17:47 -0800 (PST)
Received: by vbbfo1 with SMTP id fo1so4050773vbb.31 for <rtcweb@ietf.org>; Tue, 10 Jan 2012 10:17:43 -0800 (PST)
Received: by 10.52.29.75 with SMTP id i11mr9916556vdh.23.1326219463098; Tue, 10 Jan 2012 10:17:43 -0800 (PST)
MIME-Version: 1.0
Received: by 10.52.185.227 with HTTP; Tue, 10 Jan 2012 10:17:02 -0800 (PST)
X-Originating-IP: [74.95.2.173]
In-Reply-To: <BLU152-W64DED0FD68A58DCBC9AB2B93990@phx.gbl>
References: <4F084BED.3010001@ericsson.com> <CABcZeBP7xd5Hqp52LAD6LPog+REgAmtHCm=3NiQBhw8nWGn1kg@mail.gmail.com> <4F09D6FC.7040801@ericsson.com> <4F09DF99.5070907@mozilla.com> <4F0AE5A9.7040307@ericsson.com> <4F0B0BD3.4070109@jesup.org> <4F0BF535.7010600@ericsson.com> <BLU152-W64DED0FD68A58DCBC9AB2B93990@phx.gbl>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 10 Jan 2012 10:17:02 -0800
Message-ID: <CABcZeBPcF75dXs7kyKgiyVjsU8LYkVyDdhvZRJViOM0uyPruVQ@mail.gmail.com>
To: Bernard Aboba <bernard_aboba@hotmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Question on sec architecture proposal
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2012 18:17:48 -0000

On Tue, Jan 10, 2012 at 10:14 AM, Bernard Aboba
<bernard_aboba@hotmail.com> wrote:
>
>> I did read up, but it seems that discussion did not really end up at a
>> conclusion. And it was mostly discussed for the local context, never how
>> to ensure that the data of a stream on the other end of a PeerConnection
>> can not be accessed.
>
> [BA] It seems to me that media security should not necessarily imply the
> absence of recording capabilities.
>
> There are scenarios (e.g. web conferences) where the presentations are
> routinely recorded today, and there are products that support both media
> security and recording.
>
> For example, SIPREC does not assume that recording is forbidden if SRTP is
> used.

Yes, I agree with this. The requirement I am trying to get at is that the site
needs to be able to relinquish the ability to record and the user needs
to be able to know when that has happened.

-Ekr

v2.23.0 | Report a Bug | By Email