Comments (10)
Fortunately, May 17 14:00 Berlin time slot would be good to me, because I'll be available after 21:00 in Tokyo (14:00 in Berlin) on that day. Many thanks, @anssiko!
from openscreenprotocol.
I think the initial focus, as mentioned in the Charter, should be on ensuring that the target device is the one selected by the user (i.e that there is no man-in-the-middle). Is this what you mean as UA-to-UA ?
from openscreenprotocol.
Yes. What's in scope for this initial RFP is securing the transport between the controlling and receiving UA, from either passive eavesdropping or MITM; this is explicitly called out in the charter.
Once that layer is specified, additional security layers can be built on top. However, that work is not explicitly listed in the charter, and would likely be considered out of scope without a charter amendment.
from openscreenprotocol.
Is it correct that device paring in Mozilla proposal can be one of the candidate mechanisms, for example?
from openscreenprotocol.
I'm not sure I follow where secure transport is explicitly out of scope (I'm reading item 2 under Scope of Work and item 1 under Deliverables in the charter).
from openscreenprotocol.
@tomoyukilabs Yes the Mozilla proposal is certainly a candidate and they are invited to write it up and submit it here.
@chrisn That was a mistake, thank you for catching it :) I corrected my earlier comment.
from openscreenprotocol.
Mozilla's Device Pairing proposal by @schien is being discussed at F2F, minutes:
https://www.w3.org/2017/11/07-webscreens-minutes.html#x14
from openscreenprotocol.
From https://www.w3.org/2017/11/07-webscreens-minutes.html#x16:
- ACTION: @schien to contribute J-PAKE proposal to repo
- @mfoltzgoogle ACTIONs:
- review Internet-Draft for ecjpake
- propose adding identity assertion step to J-PAKE proposal.
- compare J-PAKE proposal with similar features in Chrome (remote desktop pairing)
from openscreenprotocol.
@tomoyukilabs provided a document detailing J-PAKE for discussion (thanks!), see https://github.com/webscreens/openscreenprotocol/blob/gh-pages/j-pake.md
from openscreenprotocol.
(@tomoyukilabs, would you prefer the J-PAKE discussion, now May 17 14:00 Berlin time slot, to be moved to F2F Day 2 May 18 to avoid conflict with your another business in Japan on May 17? Remote call in details to be provided shortly.)
from openscreenprotocol.
Related Issues (20)
- Certificates should have a maximum lifetime, and SPAKE2 identities should be SPKI not cert fingerprint HOT 1
- Seek horizontal reviews on the spec HOT 1
- Clarify `time-scale` field HOT 2
- Cross-spec links are broken HOT 6
- How to control the sender side on the receiver side
- `color-gamuts` could be a single value and not a list
- MIME types and metadata encoding for Dolby Vision formats
- Matter protocol similarities HOT 4
- Remote control of Media Session
- Reallocate message type IDs?
- start looking at mechanisms to exchange information between W3C and CSA on Matter
- OSP protocol split HOT 1
- Define re-sync behavior for capabilities on network reconnection
- Explore multi-device timeline sync protocol with sub-10ms precision
- Media Over QUIC
- Representation of time in remote-playback-state
- Clarity on the use of Friendly name HOT 1
- Clarification on Negotiating Connection IDs
- Mandate unidirectional QUIC streams
- Add guidelines on how CBOR messages are mapped onto streams HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openscreenprotocol.