Security Considerations for WebRTC
draft-ietf-rtcweb-security-08

Document
  Type: Expired Internet-Draft (rtcweb WG)
  Last updated: 2016-04-08 (latest revision 2015-02-26)
  Replaces: draft-rescorla-rtcweb-security
  Stream: IETF
  Intended RFC status: Proposed Standard
Stream
  WG state: Waiting for WG Chair Go-Ahead (Mar 2014); Doc Shepherd Follow-up Underway
  Document shepherd: Sean Turner
  Shepherd write-up: last changed 2015-03-19
IESG
  IESG state: Expired (IESG: Dead)
  Consensus Boilerplate: Unknown
  Telechat date:
  Responsible AD: Alissa Cooper
  Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-rtcweb-security-08.txt

Abstract

The Real-Time Communications on the Web (RTCWEB) working group is tasked with standardizing protocols for real-time communications between Web browsers, generally called "WebRTC". The major use cases for WebRTC technology are real-time audio and/or video calls, Web conferencing, and direct data transfer. Unlike most conventional real-time systems (e.g., SIP-based soft phones) WebRTC communications are directly controlled by a Web server, which poses new security challenges. For instance, a Web browser might expose a JavaScript API which allows a server to place a video call. Unrestricted access to such an API would allow any site which a user visited to "bug" a user's computer, capturing any activity which passed in front of their camera. This document defines the WebRTC threat model and analyzes the security threats of WebRTC in that model.

Authors

Eric Rescorla (ekr@rtfm.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)