Security and Privacy Questionnaire #3

Closed
alvestrand opened this issue Nov 15, 2018 · 2 comments

@alvestrand

This has been created by cut-and-paste from
https://www.w3.org/TR/security-privacy-questionnaire/, as requested in the TAG review instructions.

1. Questions to Consider

3.1. Does this specification deal with personally-identifiable information? NO

3.2. Does this specification deal with high-value data? NO

3.3. Does this specification introduce new state for an origin that persists across browsing sessions? NO

3.4. Does this specification expose persistent, cross-origin state to the web? NO

3.5. Does this specification expose any other data to an origin that it doesn’t currently have access to? NO

3.6. Does this specification enable new script execution/loading mechanisms? NO

3.7. Does this specification allow an origin access to a user’s location? NO

3.8. Does this specification allow an origin access to sensors on a user’s device? NO

3.9. Does this specification allow an origin access to aspects of a user’s local computing environment? YES - it allows it to affect the DSCP codepoints used on outgoing packets, and will therefore allow the application to figure out how DSCP codepoints are handled in the user's networking environment.

3.10. Does this specification allow an origin access to other devices? NO

3.11. Does this specification allow an origin some measure of control over a user agent’s native UI?
(showing, hiding, or modifying certain details, especially if those details are relevant to security)? NO - it has no UI.

3.12. Does this specification expose temporary identifiers to the web?
(e.g. TLS features like Channel ID, session identifiers/tickets, etc)? NO

3.13. Does this specification distinguish between behavior in first-party and third-party contexts?
Section 2.1 of [FIRST-PARTY-ONLY] defines "first-party" in line with existing browser behavior (Chrome and Firefox). NO

3.14. How should this specification work in the context of a user agent’s "incognito" mode? It does not interact with "incognito" mode.

3.15. Does this specification persist data to a user’s local device? NO

3.16. Does this specification have a "Security Considerations" and "Privacy Considerations" section?
NO - the security properties do not change compared to the full WebRTC spec.

3.17. Does this specification allow downgrading default security characteristics? NO

@alvestrand

I created a new file, with some more text, as well as a security and privacy section in the doc.

@alvestrand

The security section is #14

The questionnaire in file form is https://github.com/w3c/webrtc-priority/blob/master/security-privacy-questionnaire.md
