A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Real-Time Communication in WEB-browsers
Working Group of the IETF.
Title : Security Considerations for WebRTC
Author(s) : Eric Rescorla
Filename : draft-ietf-rtcweb-security-05.txt
Pages : 24
Date : 2013-07-15
Abstract:
The Real-Time Communications on the Web (RTCWEB) working group is
tasked with standardizing protocols for real-time communications
between Web browsers, generally called "WebRTC". The major use cases
for WebRTC technology are real-time audio and/or video calls, Web
conferencing, and direct data transfer. Unlike most conventional
real-time systems (e.g., SIP-based soft phones) WebRTC communications
are directly controlled by a Web server, which poses new security
challenges. For instance, a Web browser might expose a JavaScript
API which allows a server to place a video call. Unrestricted access
to such an API would allow any site which a user visited to "bug" a
user's computer, capturing any activity which passed in front of
their camera. This document defines the WebRTC threat model and
analyzes the security threats of WebRTC in that model.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-rtcweb-security
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-rtcweb-security-05
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-rtcweb-security-05
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
