Re: [rtcweb] Asking TLS for help with media isolation

[Harald Alvestrand <harald@alvestrand.no>]

On 04/08/2014 08:24 PM, Martin Thomson wrote:
> On 8 April 2014 09:50, Bernard Aboba <bernard.aboba@gmail.com> wrote:
>> [BA] I'm not sure that the concept of "isolation" makes sense for those
>> intermediaries (or to voicemail or an audio/video conference, for that
>> matter).   While in a point-to-point call it might be useful, in a
>> conference the whole point is to have audio/video sent to multiple parties,
>> and recording is commonplace.  The problem is that from a protocol point of
>> view the cases are not easily distinguishable -- and so if the browser
>> insists on "isolation" then one wonders what will happen if the conference
>> bridge/video MCU/voicemail system refuses to negotiate it.   Refusing to
>> send media would not be a desirable outcome.
> I think that for this, it's perfectly reasonable to use identity, but
> not stream isolation.  With isolation, if the peer does not agree to
> comply, then the session fails to complete.
Actually I'd say it's "if the peer does not *agree to* comply".
The protocol has no defense against liars, but that's a common issue.
>
> The authenticated party here is an MCU (or bridge, or voicemail,
> etc...).  Rather than sending to "anindividual@example.org", media is
> sent to "mcu@example.com".  Is it reasonable for that MCU to forward
> media to other, unspecified entities?  Clearly it can, but should it?
>
> (Not having thought it through completely, a voicemail box could
> conceivably work.  I think that I'd want to use a different identity
> for it though.)

I can see an use for a recording spec that said "you can record this, 
but only if you do it in such a way that it's only accessible to the 
stated identity".

Would be weird to try to enforce that.... but I agree; MCU and isolation 
have a hard time mixing.
Let's just not.