[rtcweb] Review of draft-ietf-rtcweb-security

Bernard Aboba <bernard.aboba@gmail.com> Mon, 14 July 2014 19:36 UTC

To: rtcweb@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/cT1bP56a5Ef5LN7ntYHadoSWHhI

Section 4.1

   By contrast, consent to send network traffic is about preventing the
   user's browser from being used to attack its local network.

[BA] Not sure why the threat is limited to the browser's local network.
DDoS attacks against hosts on other networks are possible too, right?

   At minimum, then, it MUST NOT be possible for arbitrary sites
   to initiate calls to arbitrary locations without user consent....

   Thus, we
   need to ensure communications consent even if the site is not able to
   access the camera and microphone at all

[BA] Do the terms "user consent" and "communications consent" have different
meanings here?  For example, the former tends to suggest the need for
user intervention, while the latter might be satisfied by ICE consent.
As it stands in this section, I'm not sure what the requirement is,
exactly, although it seems important enough to merit a MUST NOT.


Section 4.1.1

   Unfortunately,
   the security implications of this functionality are much harder for
   users to intuitively analyze than for camera and microphone access.
   (See
   http://lists.w3.org/Archives/Public/public-webrtc/2013Mar/0024.html
   for a full analysis.)

[BA] Not sure why a link is being provided to a mailing list post.  Is the
intent to have a separate document focused on screen sharing?  If so, then
this document should say this.  If not, then the material in the link
should be imported into the document.
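The review above asks whether "communications consent" in Section 4.1 could be satisfied by ICE consent. As an added illustration (not part of the original message, nor code from draft-ietf-rtcweb-security or any browser), the following Python models the sender side of ICE consent freshness as specified in RFC 7675: the browser keeps sending media only while the remote peer keeps answering periodic consent checks, so a site cannot point a browser at an arbitrary host that never took part in the ICE handshake. The STUN wire format is replaced by a simplified HMAC-SHA1 over the transaction ID keyed with the ICE password (an assumption of this model; real STUN carries a MESSAGE-INTEGRITY attribute over the whole message). The timing constants follow RFC 7675: a 5-second check interval randomized between 0.8 and 1.2 times the base, and a 30-second expiry. The class and function names, the peer passwords and the simulate() driver are constructed for this example.

```python
"""Sender-side model of ICE consent freshness (RFC 7675).

Constructed example: STUN messages are reduced to a transaction ID and an
HMAC-SHA1 tag keyed with the ICE password (an assumption of this model, not
the real STUN wire format). Timing constants follow RFC 7675.
"""
import hashlib
import hmac
import os
import random

CHECK_INTERVAL = 5.0   # RFC 7675 default interval between consent checks (s)
CONSENT_EXPIRY = 30.0  # RFC 7675: stop sending after 30 s without consent


def response_tag(ice_pwd: bytes, txid: bytes) -> bytes:
    """Simplified stand-in for STUN MESSAGE-INTEGRITY on a binding response."""
    return hmac.new(ice_pwd, b"consent-response:" + txid, hashlib.sha1).digest()


class ConsentFreshness:
    """Tracks whether the local side may still send media to the remote peer."""

    def __init__(self, ice_pwd: bytes, start: float, seed: int = 0):
        self.ice_pwd = ice_pwd
        self.last_consent = start   # ICE connectivity checks gave initial consent
        self.next_check = start
        self.outstanding = {}       # txid -> time the check was sent
        self.rng = random.Random(seed)

    def tick(self, now: float):
        """Send a consent check if one is due; returns its txid or None."""
        if now < self.next_check:
            return None
        txid = os.urandom(12)       # STUN transaction IDs are 96 bits
        self.outstanding[txid] = now
        # RFC 7675: randomize each interval to 0.8-1.2x the base interval
        self.next_check = now + CHECK_INTERVAL * self.rng.uniform(0.8, 1.2)
        return txid

    def on_response(self, now: float, txid: bytes, tag: bytes) -> bool:
        """Accept a response only for a check we sent and only with a valid tag."""
        if txid not in self.outstanding:
            return False
        if not hmac.compare_digest(tag, response_tag(self.ice_pwd, txid)):
            return False
        del self.outstanding[txid]
        self.last_consent = now
        return True

    def may_send(self, now: float) -> bool:
        """Media may flow only while consent is fresher than CONSENT_EXPIRY."""
        return now - self.last_consent < CONSENT_EXPIRY


class Peer:
    """Remote side: can only produce valid tags if it knows the ICE password."""

    def __init__(self, ice_pwd: bytes):
        self.ice_pwd = ice_pwd

    def answer(self, txid: bytes) -> bytes:
        return response_tag(self.ice_pwd, txid)


def simulate(peer: Peer, stop_answering_at: float,
             duration: float = 60.0, step: float = 1.0):
    """Drive the state machine in 1 s steps.

    The peer answers every check until stop_answering_at. Returns the time
    at which the sender stopped sending media, or None if it never stopped.
    """
    sender = ConsentFreshness(b"correct-horse", start=0.0)
    t = 0.0
    while t <= duration:
        txid = sender.tick(t)
        if txid is not None and t < stop_answering_at:
            sender.on_response(t, txid, peer.answer(txid))
        if not sender.may_send(t):
            return t
        t += step
    return None


if __name__ == "__main__":
    print("cooperating peer:", simulate(Peer(b"correct-horse"), 1e9))
    print("peer goes silent at 20 s:", simulate(Peer(b"correct-horse"), 20.0))
    print("target without the ICE password:", simulate(Peer(b"wrong-pwd"), 1e9))
```

Three cases matter here. A peer that shares the ICE password and keeps answering never loses consent. A peer that stops answering at 20 s keeps receiving media for roughly 30 s past its last valid response and then the sender stops. A host that never took part in ICE cannot compute a valid tag, so its "responses" are rejected and sending stops exactly at the 30 s expiry, which is the property that makes ICE consent a plausible reading of "communications consent" in the draft.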