Re: [rtcweb] Use Case draft - Eavesdropping.

Stefan Hakansson LK <stefan.lk.hakansson@ericsson.com> Wed, 02 May 2012 07:50 UTC

On 05/01/2012 04:05 PM, Eric Rescorla wrote:
> On Tue, May 1, 2012 at 6:14 AM, Hutton, Andrew
> <andrew.hutton@siemens-enterprise.com>  wrote:
>> Hi,
>>
>> A number of use cases within Draft-ietf-rtcweb-use-cases-and-requirements-07 contain the statement "It is essential that the communication cannot be eavesdropped" however there is no definition of what is actually meant by "eavesdropped" although I think we all have an idea of what it means.
>>
>> Maybe it would be better to replace these statements with something that refers to wiretapping and RFC 2804 (RAVEN) which actually has a definition of wiretapping.
>
> This seems like it's creeping into the security requirements question.
> Rather than try to make the use cases document more precise, I'd
> prefer to have those statements be in draft-ietf-rtcweb-security,
> which actually has (or at least is intended to) have fairly precise
> descriptions of what the relevant security properties are.

As one of the editors of the use case doc, I agree.

The document was written at a time when everything was much vaguer, and 
we as a group had much much less insight, and this is reflected in the 
document. 'Eavesdropping' is one example, 'stream' is another (we now 
have things like MediaStream, MediaStreamTrack), and so on.

I think we should keep it that way rather than doing a major update; I 
think there is little gain in doing that.

Stefan

>
> -Ekr