On Sat, Oct 25, 2014 at 3:24 PM, Jonas Sicking <jo...@sicking.cc> wrote:
> On Sat, Oct 25, 2014 at 7:51 AM, Eric Rescorla <e...@rtfm.com> wrote: > >> > Unfortunately, for the reasons I mentioned in the post I linked to > >> > above, > >> > it's hard for the user to give informed consent here, as they don't > >> > understand > >> > SOP, CSRF, etc. > >> > >> It's unclear to me what you are suggesting that we should or should not > >> do. > > > > Well, as I said above, FF 33 is already shipping what MT and I were > > able to come up with on short notice, namely: > > > > - A whitelist of the sites that are "legitimate" conferencing sites > > This seems like an extremely unfortunate. As should be clear from the above, I agree it's suboptimal. > What's the process for > getting added to that whitelist? See: https://wiki.mozilla.org/Screensharing How do we enable a startup that wants > to compete with Skype to do so? See above. > Will they have to go to each browser > to ask to be added? I believe that Chrome currently requires an extension to enable screensharing. The feature isn't generally available to Web content in Chrome for the same reason that we are restricting it. > How do we enable a new web browser that wants to > enter the browser market to know which websites it should whitelist? > Is the whitelist compiled in at build time, or do we have the ability > to update old browsers? > I don't know the answer to this question. This feature was implemented by Brad Lassey's group, so you should ask Brad or Maire. > To my knowledge no standardized feature of the web platform has ever > before been built around whitelisting websites. As I said, we're hoping to remove the whitelist by figuring out a set of technical mechanisms that protect and/or inform the user. If you have any good ideas along these lines, I would certainly be happy to hear them and I'm sure the WebRTC team would as well. -Ekr _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
