Security Considerations for RTC-Web
draft-rescorla-rtcweb-security-01

Document Type: Replaced Internet-Draft (individual); Expired & archived
Author: Eric Rescorla
Last updated: 2011-10-25 (Latest revision 2011-09-05)
Replaced by: draft-ietf-rtcweb-security
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Replaced by draft-ietf-rtcweb-security
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

The Real-Time Communications on the Web (RTC-Web) working group is tasked with standardizing protocols for real-time communications between Web browsers. The major use cases for RTC-Web technology are real-time audio and/or video calls, Web conferencing, and direct data transfer. Unlike most conventional real-time systems (e.g., SIP-based soft phones), RTC-Web communications are directly controlled by some Web server, which poses new security challenges. For instance, a Web browser might expose a JavaScript API which allows a server to place a video call. Unrestricted access to such an API would allow any site which a user visited to "bug" a user's computer, capturing any activity which passed in front of their camera. This document defines the RTC-Web threat model and defines an architecture which provides security within that threat model.

Authors

Eric Rescorla

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)