Re: [rtcweb] Remote recording - RTC-Web client acting as SIPREC session recording client

Bernard Aboba <bernard_aboba@hotmail.com> Thu, 25 August 2011 22:31 UTC

Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D58D21F8B42 for <rtcweb@ietfa.amsl.com>; Thu, 25 Aug 2011 15:31:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.474
X-Spam-Level:
X-Spam-Status: No, score=-102.474 tagged_above=-999 required=5 tests=[AWL=0.124, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9rk0H1w-yOYX for <rtcweb@ietfa.amsl.com>; Thu, 25 Aug 2011 15:31:53 -0700 (PDT)
Received: from blu0-omc4-s5.blu0.hotmail.com (blu0-omc4-s5.blu0.hotmail.com [65.55.111.144]) by ietfa.amsl.com (Postfix) with ESMTP id 750A621F8B2D for <rtcweb@ietf.org>; Thu, 25 Aug 2011 15:31:53 -0700 (PDT)
Received: from BLU152-W21 ([65.55.111.136]) by blu0-omc4-s5.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 25 Aug 2011 15:33:07 -0700
Message-ID: <BLU152-W21EF8D37AB4A41FA82D82893100@phx.gbl>
Content-Type: multipart/alternative; boundary="_374283a2-7f3a-476a-b4a4-70c83a44f3d6_"
X-Originating-IP: [72.11.69.66]
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: <matthew.kaufman@skype.net>
Date: Thu, 25 Aug 2011 15:33:07 -0700
Importance: Normal
In-Reply-To: <4E56BC71.101@skype.net>
References: <A444A0F8084434499206E78C106220CA0B00FDB08B@MCHP058A.global-ad.net> <89177AB2-F721-47E4-8471-2180EDA10615@voxeo.com> <A444A0F8084434499206E78C106220CA0B00FDB34D@MCHP058A.global-ad.net> <496EE152-41F2-49AB-A136-05735FE5A9F9@voxeo.com> <101C6067BEC68246B0C3F6843BCCC1E31018BF6BE2@MCHP058A.global-ad.net> <4E54AB9B.9090600@jesup.org> <A444A0F8084434499206E78C106220CA0B00FDB534@MCHP058A.global-ad.net> <101C6067BEC68246B0C3F6843BCCC1E31018BF6DF6@MCHP058A.global-ad.net> <4E554BCE.2040403@alum.mit.edu> <4E56399E.2020902@alvestrand.no> <A444A0F8084434499206E78C106220CA0B011C8D3B@MCHP058A.global-ad.net> <4E5682DD.5020204@skype.net>, <4E569983.8060409@mozilla.com>, <4E56BC71.101@skype.net>
MIME-Version: 1.0
X-OriginalArrivalTime: 25 Aug 2011 22:33:07.0618 (UTC) FILETIME=[F6492020:01CC6376]
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Remote recording - RTC-Web client acting as SIPREC session recording client
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2011 22:31:54 -0000


> > Matthew Kaufman wrote:
> >> But this is a bad idea. Providing APIs that let a browser send audio
> >> that is being received from the other end to a third party open several
> >> different cans of worms simultaneously.

> I think you need to seriously consider the security implications here. 
> Any media that originates from somewhere other than a local camera that 
> has given permission or a local microphone that has given permission 
> needs to be marked as not sendable elsewhere.

[BA] Right.  As an example, the ability to send pre-recorded audio/video within an emergency call could be used to launch "swatting" attacks with frightening realism.