Re: [rtcweb] Notes on security for browser-based screen/application sharing
Harald Alvestrand <harald@alvestrand.no> Tue, 26 March 2013 22:27 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C76621F87B1 for <rtcweb@ietfa.amsl.com>; Tue, 26 Mar 2013 15:27:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.999
X-Spam-Level:
X-Spam-Status: No, score=-109.999 tagged_above=-999 required=5 tests=[AWL=0.600, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RkwDIBItlRiH for <rtcweb@ietfa.amsl.com>; Tue, 26 Mar 2013 15:27:06 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id A778221F874A for <rtcweb@ietf.org>; Tue, 26 Mar 2013 15:27:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 3C6A439E13B; Tue, 26 Mar 2013 23:27:03 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wFDo4HqCp9XX; Tue, 26 Mar 2013 23:27:02 +0100 (CET)
Received: from [IPv6:2001:470:de0a:27:d4a:939a:5855:2ae2] (unknown [IPv6:2001:470:de0a:27:d4a:939a:5855:2ae2]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 035E139E091; Tue, 26 Mar 2013 23:27:01 +0100 (CET)
Message-ID: <515220B5.7000101@alvestrand.no>
Date: Tue, 26 Mar 2013 23:27:01 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130308 Thunderbird/17.0.4
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <CABcZeBPs=znh-BUCRoVkPC1UuQt-xxf-COD+SGE59ASBzRZbJQ@mail.gmail.com> <C5E08FE080ACFD4DAE31E4BDBF944EB11342CB58@xmb-aln-x02.cisco.com> <CABcZeBN2R=dKYtoLEstNuT2K89k+Y_gD8_OdRS5MQOJNSzY5Kg@mail.gmail.com> <514C7C51.1000006@cs.tcd.ie> <51520C7C.3030109@mozilla.com> <51520FDC.40608@cs.tcd.ie>
In-Reply-To: <51520FDC.40608@cs.tcd.ie>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Subject: Re: [rtcweb] Notes on security for browser-based screen/application sharing
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2013 22:27:09 -0000
On 03/26/2013 10:15 PM, Stephen Farrell wrote: > > On 03/26/2013 09:00 PM, Timothy B. Terriberry wrote: >> Stephen Farrell wrote: >>> Are there other things on the user's device that might >>> end up being shared? E.g. accelerometers or other sensors. >>> There have been papers demonstrating that access to such >>> information can reveal lots of things, e.g. passwords. >> You mean like <https://bugzilla.mozilla.org/show_bug.cgi?id=681562>? > Yep. Are the use-cases in webrtc for that kind of sensor > data to be made available over the n/w or is it all handled > locally? I think the DAP WG in the W3C is the right place to address APIs for sensor data. They're one of the parent WGs of the Media Capture Task Force, which is charged with getting the specs right for getusermedia, so one would assume they're aware of the discussions there. But in my opinion, neither the WEBRTC WG nor the RTCWEB WG have this in their charters. I advocate separation of concerns; if people want to work on this, go there. > > Ta, > S. > >> _______________________________________________ >> rtcweb mailing list >> rtcweb@ietf.org >> https://www.ietf.org/mailman/listinfo/rtcweb >> >> > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] Notes on security for browser-based scre… Eric Rescorla
- Re: [rtcweb] Notes on security for browser-based … Cullen Jennings (fluffy)
- Re: [rtcweb] Notes on security for browser-based … Eric Rescorla
- Re: [rtcweb] Notes on security for browser-based … Ron
- Re: [rtcweb] Notes on security for browser-based … Stephen Farrell
- Re: [rtcweb] Notes on security for browser-based … Cullen Jennings
- Re: [rtcweb] Notes on security for browser-based … Martin Thomson
- Re: [rtcweb] Notes on security for browser-based … Randell Jesup
- Re: [rtcweb] Notes on security for browser-based … Timothy B. Terriberry
- Re: [rtcweb] Notes on security for browser-based … Stephen Farrell
- Re: [rtcweb] Notes on security for browser-based … Ralph Giles
- Re: [rtcweb] Notes on security for browser-based … Harald Alvestrand