IETF Logo Mail Archive

Re: [rtcweb] WGLC for draft-ietf-rtcweb-ip-handling

Lorenzo Miniero <lorenzo@meetecho.com> Thu, 12 April 2018 12:42 UTC

Return-Path: <lorenzo@meetecho.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B314E126FB3 for <rtcweb@ietfa.amsl.com>; Thu, 12 Apr 2018 05:42:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=aruba.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ahkl9aerjnRg for <rtcweb@ietfa.amsl.com>; Thu, 12 Apr 2018 05:42:02 -0700 (PDT)
Received: from smtpcmd04131.aruba.it (smtpcmd04131.aruba.it [62.149.158.131]) by ietfa.amsl.com (Postfix) with ESMTP id D2077126C26 for <rtcweb@ietf.org>; Thu, 12 Apr 2018 05:42:01 -0700 (PDT)
Received: from lminiero ([93.44.66.252]) by smtpcmd04.ad.aruba.it with bizsmtp id ZQhz1x00Q5SZVm501QhzeE; Thu, 12 Apr 2018 14:42:00 +0200
Date: Thu, 12 Apr 2018 14:41:58 +0200
From: Lorenzo Miniero <lorenzo@meetecho.com>
To: Lennart Grahl <lennart.grahl@gmail.com>
Cc: rtcweb@ietf.org
Message-ID: <20180412144158.44733ac7@lminiero>
In-Reply-To: <e5e2a517-d29a-117c-ab79-6f01fa62b843@gmail.com>
References: <1D5B431C-801E-4F8C-8026-6BCBB72FF478@sn3rd.com> <63282b84-4493-3fcb-a95f-4afe17d96bb6@cs.tcd.ie> <CAOJ7v-1gTq+EEjb+-q-T-pABBW--rpNGegoj_d2_7f7AKGksCA@mail.gmail.com> <403713b4-31d4-9085-d639-d3f60935ed5a@cs.tcd.ie> <CAOJ7v-0ED-FK=JmSxBJYfM=PCdgY6kmbiq6aFLcP7OXugG07EA@mail.gmail.com> <e6938f7d-542d-736b-0a3d-9269d7dd06e5@cs.tcd.ie> <CAOW+2dv1ORz2tEkgDTvdM1DtgyOdgXqKU30T4QhLAp1NT+rirg@mail.gmail.com> <CAOJ7v-0tCcg3FdzyfSJ6Y3JaH-TivFf-Sey6+tD8BANJKsjqtQ@mail.gmail.com> <1fceb3c4-35f3-34f7-de1d-79d5805e6d22@gmail.com> <9517D601-D3E8-46E1-94E5-7EC29FD6319B@sn3rd.com> <b5d323ac-2205-2aee-05c9-f270e80215f5@gmail.com> <CAOJ7v-0+hr-NddbLCwgjkfyEFEzoLYW8BcE5OYZ+HUiqDRnarg@mail.gmail.com> <0dee004d-159a-a9be-a0b8-ecbfd4204d72@gmail.com> <06252a76-f12e-4d8d-4a07-5240a7605bce@gmail.com> <914e0220-e3cc-00d7-0925-e5deb8b07e75@nostrum.com> <AFDFD3F3-4798-4716-B26C-A67457BF2C65@sn3rd.com> <e5e2a517-d29a-117c-ab79-6f01fa62b843@gmail.com>
Organization: Meetecho
X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aruba.it; s=a1; t=1523536920; bh=JH8/ycDOz0WKtvNYLKKFCl41hAcMvtxhxzM71V7KvbY=; h=Date:From:To:Subject:MIME-Version:Content-Type; b=grE8996gaYO6akppUjQRTMbu6Lst/7yLp9S2SwuOOXgQ7hzoR01vp0JIrP1J4qEB0 FbT7HDv1voC6sltNBDNQrBL4XhUWwzJKyNkvCZ24Savp7U6QVAJzKMVTlnrFtE35+c nZj3NBWC6IV84kgx4J8b7tHwx3DogFouXLP82EXjPeX8YgoScnKT4hxm16vHvs6BqU WAsDCVZz/205MdNTKAnhRU6/0SFIvLEMPYeBrp9EXlSr5oo51/DOVUQebKK+/PMFxY eQyqInp9UDISub584449hI+AXqGxRI+ue10dS6P55K3xiE35MTa2TZxvq3VeMhM1Vi juMjCL0+uejyQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/zz0SZK7OhT_dwPtuLTT3RgbcqNQ>
Subject: Re: [rtcweb] WGLC for draft-ietf-rtcweb-ip-handling
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Apr 2018 12:42:06 -0000

On Thu, 12 Apr 2018 14:22:17 +0200
Lennart Grahl <lennart.grahl@gmail.com> wrote:

> On 12.04.2018 00:31, Sean Turner wrote:
> >> On Apr 11, 2018, at 16:10, Adam Roach <adam@nostrum.com> wrote:
> >>
> >> [as an individual]
> >>
> >> On 4/11/18 1:15 PM, Lennart Grahl wrote:  
> >>> Since I haven't seen a satisfactory response so far, let me
> >>> rephrase this as a question: Can anyone explain to me why that
> >>> approach is not considered a valid alternative to getUserMedia?  
> >>
> >>
> >> I think you're not getting a lot of response here because what
> >> you're proposing is well within the bounds of what the current
> >> document says. gUM is offered as a non-normative example, but
> >> that's all it is. If you believe that document changes are in
> >> order, perhaps a concrete proposal along the lines of "change the
> >> text <x> to be <y> instead" or "add text <z> at the end of section
> >> <q>" would produce more conversation.  
> 
> Thanks, this and the response from Bernard is good feedback that I
> should provide a more concrete proposal next time.
> 
> > As the draft’s Shepherd trying to figure out how to bring closure
> > on this issue, I like to offer a summary:
> > 
> > There’s some discomfort with the use of the term “user consent” as
> > well as the non-normative example provided for how to get it. The
> > problem with changing the term to something else is "user consent"
> > is a term of art; we can’t really qualify it with something like
> > “informed”, because we’d need to explain what that means (and well
> > GDPR …), and; frankly the term is used extensively in the other
> > security draft that we pruned ip-handling from.  The problem with
> > changing the non-normative example is that there don’t seem to be
> > other attractive/realistic alternatives.
> > 
> > What I’d like to do is remind everybody that we pruned this draft
> > from the other security drafts to allow it to be updated faster
> > because it’s about a much narrower subject.  With this in mind and
> > Bernard’s long list of questions, I would like to propose that we:*
> > 
> > 1) Add another sentence (from Tim) that indicates there are other
> > alternatives:
> > 
> >       Alternatively implementations can provide a separate
> >       mechanism to obtain user consent.
> > 
> > 2) Progress the draft out of the WG.*
> > 
> > 3) Update/Obsolete this draft, when a much superior alternative
> > emerges.
> > 
> > spt
> > 
> > * Also "hold your nose" if you’re sad about this proposal but are
> > willing to begrudgingly live with the rough consensus; it’s rough
> > and we noted this in the Shepherd write-up.
> > 
> > ** Remember that during the IETF LC we (or somebody in the wider
> > IETF community) might come up with something during the IETF LC.  
> 
> I realise I've joined a tad late and it should be clear by now that I
> have a strong reluctance when it comes to using getUserMedia for the
> purpose of getting consent to use mode 1. But you are correct, it is
> non-normative and I'm more irritated by the implementations that don't
> provide an alternative than this document. Still, I would appreciate
> if the sentence from Tim you mentioned in 1) will be added.
> 
> Regarding 3): Like Bernard, I'm unsure how to determine a "superior
> alternative" (especially in the context of a non-normative section).
> 


Since there seems to be a call for proposed text:

	The details of this consent are left to the implementation; one
	potential mechanism is to tie this consent to getUserMedia
	consent.  It should be noted, though, that getUserMedia
	consent is typically only required when users are supposed to
	share media content from their local devices. This may not
	always be the case, e.g., in scenarios where users will only
	be receiving media (e.g., a broadcast), or when
	PeerConnections are created for the sole purpose of setting up
	datachannels. Requiring getUserMedia consent when it's not
	really needed may end up discouraging users from establishing
	a media session, or getting unwarranted access to more
	information they meant to share. As such, alternative and more
	appropriate means for getting user consent for Mode 1 are
	suggested.

Probably overly verbose, but it voices my (and I think Lennart's)
concern with the current text.

Lorenzo

-- 
I'm getting older but, unlike whisky, I'm not getting any better
https://twitter.com/elminiero

v2.23.0 | Report a Bug | By Email