[rtcweb] Single-origin and consent

[Randell Jesup <randell-ietf@jesup.org>]

On 10/20/2011 11:36 AM, Eric Rescorla wrote:
> On Thu, Oct 20, 2011 at 7:32 AM, Bernard Aboba
> <bernard_aboba@hotmail.com>  wrote:
>> No, I'm saying that *if* a developer remains within the "single origin"
>> model, that a number of requirements for peer-to-peer operation do not
>> apply.
>>
>> Also that the APIs should also enable media to be sent over a websocket to
>> the "single origin" as well as a PeerConnection.
>>
>
> I don't think I'm following you're argument. ISTM that there are two
> conditions that one
> might term "single origin":
>
> 1. Alice and Bob are on the same site (e.g., PokerStars) and are
> calling each other via P2P media,
> 2. Alice and Bob are on the same site and are calling each other
> via media over WS.

I'll add a third: Alice and Bob are on the same site, and are 
participating in a (potentially) multi-person conference run through the 
site, which is acting as a mixer or at least relay.  Media is sent via 
normal PeerConnection channels, encrypted with DTLS-SRTP.  In this 
limited case, each participant is sending media to the same site (*) as 
the JS code is loaded from.

So, the questions here would be
a) can we relax ICE consent checks if the site/app so wishes and
b) should we?

I think we can (if the app tells us to, since it's "same-origin" and the 
app should know), but I'm a little less certain of the "should".  Is 
there an attack wherein someone could 'host' some JS content (app) on a 
site and use it to attack/DoS that site from multiple places?  It seems 
at least plausible.


-- 
Randell Jesup
randell-ietf@jesup.org