search

liuzhe02 / bigbluebutton

Automatically exported from code.google.com/p/bigbluebutton
0 stars 0 forks source link

RTMPS and SSL for secure communication #1747

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
I've read in your documentation and all over Google Groups that the developers 
haven't worked with SSL over HTTP or RTMPS because you all are focusing on the 
functionality of tools within the system.  Even more specifically, a comment 
made by Fred Dixon 
(https://groups.google.com/d/msg/bigbluebutton-dev/_3_xPA1cULE/CHac5OpQEjUJ) is 
that you have other areas to ramp up for your target market, which is distance 
education.  Well, I work for a large distance education organization with close 
to 90,000 students, and I can say definitively that all the bells and whistles 
aside, lacking the supported capabilities of SSL over HTTP and RTMPS, these are 
huge non-starters.

Original issue reported on code.google.com by p...@silverstar-media.com on 11 Apr 2014 at 9:30

GoogleCodeExporter commented 9 years ago 
Thanks for your feedback!

Keep in mind that BigBlueButton is built buy a team of (very) dedicated 
developers.  We've been working on it now for almost six years.  Part of our 
success has been focus -- we simply do every feature at once.

Security is low on the list because, frankly, there are so many other items to 
implement on our road map.  

If you are serious about acceleration of a more secure system, you have 
options!  See

  https://code.google.com/p/bigbluebutton/wiki/FAQ#When_will_feature_X_be_implemented

Marking this issue as duplicate (see 726).

Original comment by ffdixon@gmail.com on 11 Apr 2014 at 10:18

GoogleCodeExporter commented 9 years ago 
Fred, thank you for responding.  While we certainly appreciate the work that is 
put into this tool (we absolutely do) and understand that security is low on 
your list of priorities, I would implore you to revisit where security fits 
into the equation.  Wimba, Illuminate, Adobe Connect all have their places in 
distance education, and all have had their issues surrounding security 
implementation.  Systems administrators and educators alike must do their part 
to ensure that sensitive student information is kept private.  There is no 
chance that a thoughtful educational organization will deploy a solution 
knowing that the developers actively neglected to address the privacy of 
authentication and communication data.  However, if those two parameters can be 
addressed (SSL over HTTP and RTMPS), then adoption of BigBlueButton would 
likely soar.

Either way, we'll be monitoring the development, and keep our fingers crossed 
that this will get the focus it deserves.

Original comment by p...@silverstar-media.com on 11 Apr 2014 at 11:13