On 15/02/2019 0:19, Bernard Aboba wrote:
"I don’t recall, and I don’t see anything in the notes or email
consensus call, that would suggest the consensus included anything
along the lines “it’s okay to let the js application have the media
keys.”
[BA] The PERC framework document only mentions that the endpoint is
trusted, but does not go into further detail. That detail becomes
important when attempting to understand the provable security
properties of PERC (e.g. what attacks are prevented, what attacks are
still allowed). As an example, if the goal is not only to protect
against access to cleartext media within the MDD, but also the ability
of endpoints to mis-use the cleartext media (e.g. to create "deep
fakes"), then it is necessary to restrict access to cleartext media
within the PERC application itself (e.g. no ability to record or even
modify cleartext media). That goes beyond the "no access to media
keys in JS" dictum to "no access to cleartext media for any PERC
application, native or Web". Once you've gone there, the distinction
between the problem solved by PERC and content protection technologies
begins to disappear. Keep in mind though that technologies such as
EME are transport-independent - EME can be used when transporting
media over the SCTP data channel, for example.
Indeed. Any true end to end encryption for webrtc that must be
integrated with IdP and isolated media streams IMHO.
Best regards
Sergio
