Re: [rtcweb] Use Case draft - Eavesdropping.

Stefan Hakansson LK <> Wed, 02 May 2012 07:50 UTC

List-Id: Real-Time Communication in WEB-browsers working group list <>

On 05/01/2012 04:05 PM, Eric Rescorla wrote:
> On Tue, May 1, 2012 at 6:14 AM, Hutton, Andrew
> <>  wrote:
>> Hi,
>> A number of use cases within Draft-ietf-rtcweb-use-cases-and-requirements-07 contain the statement "It is essential that the communication cannot be eavesdropped"; however, there is no definition of what is actually meant by "eavesdropped", although I think we all have an idea of what it means.
>> Maybe it would be better to replace these statements with something that refers to wiretapping and RFC 2804 (RAVEN), which actually has a definition of wiretapping.
> This seems like it's creeping into the security requirements question.
> Rather than try to make the use cases document more precise, I'd
> prefer to have those statements be in draft-ietf-rtcweb-security,
> which actually has (or at least is intended to have) fairly precise
> descriptions of what the relevant security properties are.

As one of the editors of the use case doc, I agree.

The document was written at a time when everything was much vaguer, and
we as a group had much, much less insight, and this is reflected in the
document. 'Eavesdropping' is one example, 'stream' is another (we now
have things like MediaStream, MediaStreamTrack), and so on.

I think we should keep it that way rather than doing a major update; I 
think there is little gain in doing that.


> -Ekr