Thanks for your review, Russ! > In several places, the document says: "These confidentiality protections > do not apply to data that is sent using data channels." It took me a > moment to figure out what was being said. I think it would really help > the reader to say at the beginning something like: "The confidentiality > protections ensure that media is protected from other applications, but > the confidentiality protections do not extend to traffic on the data > channels." > > Section 3 includes this paragraph: > > Generally speaking, ensuring confidentiality depends on > authenticating the communications peer. This mechanism explicitly > does not define a specific authentication method; a WebRTC endpoint > that accepts a session with this ALPN identifier MUST respect > confidentiality no matter what identity is attributed to a peer. > > I understand why authentication and confidentiality are often used > together. However, it is very unclear to me why there ought to be a > linkage between c-webrtc and authentication since this service really > is only a promise to not share media with other applications. > > A similar discussion in the security considerations talks about > assurance that the "media was delivered to the user that was > authenticated." Again, if there is no authentication, I do not see > how the assurance associated with this mechanism changes. I agree with the above points. Authors, have you seen these are you preparing any edits? Jari > Nits: > > After reading the whole document, I went back and read the Abstract > again. I do not think it captures the real intent of the document. > I have tried to provide an alternative, but it probably needs further > work: > > This document specifies two Application Layer Protocol Negotiation > (ALPN) labels for use with Datagram Transport Layer Security (DTLS) > and Web Real-Time Communications (WebRTC). With the first label, a > DTLS session is used to establish keys for Secure Real-time Transport > Protocol (SRTP), known as DTLS-SRTP. The second label also uses > DTLS-SRTP, but the peers also agree to maintain the confidentiality > of the media by not sharing it with other applications. > > _______________________________________________ > Gen-art mailing list > Gen-art@xxxxxxxx > https://www.ietf.org/mailman/listinfo/gen-art
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail