-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Requirements for Secure Web Conferencing (Revised) #34
Conversation
Revised based on feedback from June Interim of the WEBRTC WG. Based on PR #21 submitted by Cullen Jennings
</p> | ||
|
||
<p>A possible solution this problem is the browser to negotiate end to | ||
end encryption keys which are not revealed to the JavaScript. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could mention MLS in the browser here as potential solution. I have wrote this scenario down in the federation draft
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The use case doesn't get into much detail on security requirements. For example, properties such as non-repudiation, perfect forward secrecy (PFS) or post-compromise security (PCS) are not mentioned. And of course, the use case currently doesn't list any requirements.
The MLS architecture draft does a much better job of articulating the desired security properties. For example, draft-ietf-mls-architecture Section 3.2.25 discusses Non-Repudiation vs Deniability:
As described in Section 4.4, MLS provides strong authentication
within a group, such that a group member cannot send a message that
appears to be from another group member. Additionally, some services
require that a recipient be able to prove to the messaging service
that a message was sent by a given client, in order to report abuse.
MLS supports both of these use cases. In some deployments, these
services are provided by mechanisms which allow the receiver to prove
a message's origin to a third party (this if often called "non-
repudiation"), but it should also be possible to operate MLS in a
"deniable" mode where such proof is not possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Filed Issue #37 relating to security requirements.
index.html
Outdated
---------------------------------------------------------------- | ||
REQ-ID DESCRIPTION | ||
---------------------------------------------------------------- | ||
N?? TBD |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the requirements list should be split between the "trusted JS" and "untrusted JS" cases, and filled in before merge.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added requirements list to both use cases.
Revised based on feedback from June Interim of the WEBRTC WG.
Potential fix for Issue #37
Based on PR #21 submitted by Cullen Jennings