[rtcweb] I-D Action: draft-ietf-rtcweb-security-05.txt

internet-drafts@ietf.org Mon, 15 July 2013 13:28 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C05A21E8082; Mon, 15 Jul 2013 06:28:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.536
X-Spam-Level:
X-Spam-Status: No, score=-102.536 tagged_above=-999 required=5 tests=[AWL=0.064, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GjALihbTBak8; Mon, 15 Jul 2013 06:28:46 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BED4921F9EDE; Mon, 15 Jul 2013 06:28:46 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.51.p2
Message-ID: <20130715132846.9345.54571.idtracker@ietfa.amsl.com>
Date: Mon, 15 Jul 2013 06:28:46 -0700
Cc: rtcweb@ietf.org
Subject: [rtcweb] I-D Action: draft-ietf-rtcweb-security-05.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2013 13:28:47 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Real-Time Communication in WEB-browsers Working Group of the IETF.

	Title           : Security Considerations for WebRTC
	Author(s)       : Eric Rescorla
	Filename        : draft-ietf-rtcweb-security-05.txt
	Pages           : 24
	Date            : 2013-07-15

Abstract:
   The Real-Time Communications on the Web (RTCWEB) working group is
   tasked with standardizing protocols for real-time communications
   between Web browsers, generally called "WebRTC".  The major use cases
   for WebRTC technology are real-time audio and/or video calls, Web
   conferencing, and direct data transfer.  Unlike most conventional
   real-time systems (e.g., SIP-based soft phones) WebRTC communications
   are directly controlled by a Web server, which poses new security
   challenges.  For instance, a Web browser might expose a JavaScript
   API which allows a server to place a video call.  Unrestricted access
   to such an API would allow any site which a user visited to "bug" a
   user's computer, capturing any activity which passed in front of
   their camera.  This document defines the WebRTC threat model and
   analyzes the security threats of WebRTC in that model.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-rtcweb-security

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-rtcweb-security-05

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-rtcweb-security-05


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/