So far, the Secure Web Conferencing Use Case PR doesn't contain any requirements. Some questions:
a. Can we trust the central conferencing server to negotiate isolation on remote tracks in DTLS? If not, couldn't untrusted JS access the remote media and do inappropriate things (e.g. recording, cloning and resending, etc.)?
b. If the JS is untrusted, couldn't it neglect to use CSP policies to allow data to be leaked?
c. Are there requirements for Forward Secrecy (FS) or Post-Compromise Security, such as is described in draft-ietf-mls-architecture?
d. Is the security model (e.g. isolation) dependent on Identity? Or are the underlying assumptions similar to MLS (e.g. an Authentication Service and a Distribution Service) and cryptography?