Re: [rtcweb] Question on sec architecture proposal
Randell Jesup <randell-ietf@jesup.org> Tue, 10 January 2012 21:50 UTC
Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3523D21F8607 for <rtcweb@ietfa.amsl.com>; Tue, 10 Jan 2012 13:50:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.425
X-Spam-Level:
X-Spam-Status: No, score=-2.425 tagged_above=-999 required=5 tests=[AWL=0.174, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SVmAwQeOYHvB for <rtcweb@ietfa.amsl.com>; Tue, 10 Jan 2012 13:50:20 -0800 (PST)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id A9E7D21F85BE for <rtcweb@ietf.org>; Tue, 10 Jan 2012 13:50:20 -0800 (PST)
Received: from pool-173-49-135-74.phlapa.fios.verizon.net ([173.49.135.74] helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1RkjaF-0002ka-Sl for rtcweb@ietf.org; Tue, 10 Jan 2012 15:50:20 -0600
Message-ID: <4F0CB27B.1060008@jesup.org>
Date: Tue, 10 Jan 2012 16:49:47 -0500
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <4F084BED.3010001@ericsson.com> <CABcZeBP7xd5Hqp52LAD6LPog+REgAmtHCm=3NiQBhw8nWGn1kg@mail.gmail.com> <4F09D6FC.7040801@ericsson.com> <4F09DF99.5070907@mozilla.com> <4F0AE5A9.7040307@ericsson.com> <4F0B0BD3.4070109@jesup.org> <4F0BF535.7010600@ericsson.com>
In-Reply-To: <4F0BF535.7010600@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Source:
X-Source-Args:
X-Source-Dir:
Subject: Re: [rtcweb] Question on sec architecture proposal
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2012 21:50:21 -0000
On 1/10/2012 3:22 AM, Stefan Hakansson LK wrote: > On 01/09/2012 04:46 PM, Randell Jesup wrote: > .... >>> Any use trying to access the data (including using the audio element as >>> source) would throw security exceptions. >> >> I suggest starting by going back in the archives to that period; there >> was considerable discussion of the issue. > Thanks for the tip, funny how things fade away from memory.... > > I did read up, but it seems that discussion did not really end up at a > conclusion. And it was mostly discussed for the local context, never how > to ensure that the data of a stream on the other end of a PeerConnection > can not be accessed. I was talking to roc (Robert O'Callahan) last night, and he believes using cross-origin-type controls can be used to basically block the JS from getting access to the decrypted/decoded media streams. (This already exists for blocking JS access to cross-origin images.) So, no need to use tainting per-se. There certainly remains the issue of when and how the JS would get access to the streams, and without it they wouldn't be able to use some of the audio "processed streams" stuff we're working on. And if the user has to give permission for access, does this permission stick? (This is overall related to the whole "does this app/website have permission to access the camera & mic" issue.) A strawman proposal might be a "secure connection" checkbox on the getUserMedia() popup which defaults to secure. That may not be an optimum UI, however. -- Randell Jesup randell-ietf@jesup.org
- [rtcweb] Question on sec architecture proposal Stefan Hakansson LK
- Re: [rtcweb] Question on sec architecture proposal Eric Rescorla
- Re: [rtcweb] Question on sec architecture proposal Stefan Hakansson LK
- Re: [rtcweb] Question on sec architecture proposal Timothy B. Terriberry
- Re: [rtcweb] Question on sec architecture proposal Stefan Hakansson LK
- Re: [rtcweb] Question on sec architecture proposal Randell Jesup
- Re: [rtcweb] Question on sec architecture proposal Stefan Hakansson LK
- Re: [rtcweb] Question on sec architecture proposal Bernard Aboba
- Re: [rtcweb] Question on sec architecture proposal Eric Rescorla
- Re: [rtcweb] Question on sec architecture proposal Randell Jesup
- Re: [rtcweb] Question on sec architecture proposal Stefan Hakansson LK
- Re: [rtcweb] Question on sec architecture proposal Roman Shpount
- Re: [rtcweb] Question on sec architecture proposal Eric Rescorla