Re: [rtcweb] Use Case draft (privacy)

"Hutton, Andrew" <andrew.hutton@siemens-enterprise.com> Mon, 30 April 2012 11:38 UTC

Hi,

I also agree that calling a corporate call center is an interesting use case and I think we discussed it in the past in the context of media recording and identity.

When calling your bank it is only necessary to know that you are talking to a representative of mybank.com; the bank certainly does not want to release the identity of the call centre agent you are talking to. From the consumer perspective, they want to be sure that the call really did reach mybank.com, but from there on they have to trust the bank with their information, and really this is no different for audio/video than it is for text entered on a web page, and of course the bank will record the audio.

In this scenario it is really not useful to confuse the calling user with indications of whether the bank encrypts the audio/video when handling it internally or not; it is enough to know that they have a secure connection to their bank.

Regards
Andy  



> -----Original Message-----
> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On
> Behalf Of Ravindran, Parthasarathi
> Sent: 30 April 2012 10:12
> To: Fabio Pietrosanti (naif); rtcweb@ietf.org
> Subject: Re: [rtcweb] Use Case draft (privacy)
> 
> Fabio,
> 
> Please note that the gateway shall act as a web-browser and comply with
> RTCWeb specifications. Here, the WebRTC session is between a general-purpose
> web-browser like IE or Chrome on the customer side and a customized
> web-browser on the site side.
> 
> Thanks
> Partha
> 
> >-----Original Message-----
> >From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Fabio Pietrosanti (naif)
> >Sent: Monday, April 30, 2012 2:35 PM
> >To: rtcweb@ietf.org
> >Subject: Re: [rtcweb] Use Case draft (privacy)
> >
> >On 4/27/12 6:35 PM, Jim Barnett wrote:
> >> I would like to see a corporate call center use case.  Specifically, a
> >> user downloads a web page from a corporate web site, clicks a 'call us'
> >> button and is connected to a gateway server that is controlled by the
> >> corporation.  The communication up to the corporate boundary cannot be
> >> eavesdropped, but, inside the corporate boundary:  1) the corporation
> >> can route the call to whoever it wants (meaning that the caller can
> >> verify that he is connected to the corporation, but is not necessarily
> >> assured of the identity of the person he is speaking to within the
> >> corporation) 2) the corporation can eavesdrop/record the call (n.b.
> >> this is mandatory in financial institutions, and common in most others).
> >
> >In that case, from a privacy perspective, it's HIGHLY RELEVANT to show
> >in the UI to the user that the call is encrypted up to a gateway
> >and not up to another peer.
> >
> >Please get back the thread on end-to-end vs end-to-site security.
> >
> >The user *must know and be aware* if a call is secured between two
> >peers or if it's not secured up to a gateway (and who controls such a
> >gateway).
> >
> >Fabio
> >_______________________________________________
> >rtcweb mailing list
> >rtcweb@ietf.org
> >https://www.ietf.org/mailman/listinfo/rtcweb