[rtcweb] Security and browser/screen access

Randell Jesup <randell-ietf@jesup.org> Sun, 25 September 2011 21:49 UTC

Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 8B3F121F8B2E for <rtcweb@ietfa.amsl.com>; Sun, 25 Sep 2011 14:49:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.31
X-Spam-Status: No, score=-1.31 tagged_above=-999 required=5 tests=[AWL=-1.311, BAYES_50=0.001]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 60QfWSsl1iFW for <rtcweb@ietfa.amsl.com>; Sun, 25 Sep 2011 14:49:16 -0700 (PDT)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com []) by ietfa.amsl.com (Postfix) with ESMTP id B4FCD21F8B29 for <rtcweb@ietf.org>; Sun, 25 Sep 2011 14:49:16 -0700 (PDT)
Received: from pool-173-49-141-165.phlapa.fios.verizon.net ([] helo=[]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1R7wc9-0000Ul-6b for rtcweb@ietf.org; Sun, 25 Sep 2011 16:51:57 -0500
Message-ID: <4E7FA1A3.60908@jesup.org>
Date: Sun, 25 Sep 2011 17:48:19 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1
MIME-Version: 1.0
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
Subject: [rtcweb] Security and browser/screen access
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Sep 2011 21:49:17 -0000

This is an issue that impacts at a usecase we've been discussing: access to the
browser or screen bitmap is inherently very risky, security-wise.

See Robert O'Callahan's blog post triggered by discussions of these usecases at
our recent Mozilla All-Hands:

This directly affects use-cases like WebEx (of course), remote assistance, etc.
We've glossed the security side of those so far.

Note that these use-cases replace desktop or plugin installs which implicitly gave
the provider access to far more than just the screen, so from that perspective
screen access is actually a reduction in exposure.  However, there's a definitive
decision (whether well-informed or not) to install these apps, and most of them
(not all!) don't auto-update without asking; and you can un-install them.

This once again as I've mentioned in some other cases wanders into the same territory
as WebApp installation, which we also talked about looking at for handling "ongoing
permissions" for camera/mic for services similar to Skype - tie it to a user "install".
Whether that's good enough, and how that actually works are good questions.

Randell Jesup