[RTW] Addressing security (Re: WG charter, take 4)

[Harald Alvestrand]

On 02/25/11 04:15, Bernard Aboba wrote:
> Harald said:
>
> "I think the security issues need to be addressed explicitly, and it's
> not just limited to the RTP interworking case.
>
> Should we add something like the below?
>
> "The WG will evaluate the security implications of the changes proposed,
> and will ensure that adequate security mechanisms are included in the
> protocol suite"
>
> [BA] I'm thinking of a tangible output, such as a security analysis or a set
> of
> requirements that could be provided to the W3C.  In just a short amount of
> time
> we've come up with some API requirements for P2P media security (e.g.
> Javascript
> APIs to provide IP addresses, STUN APIs, etc.).  It would be helpful for
> this
> kind of thing to be written down rather than vanishing into the ether.  This
> would also make it possible to have outside security review, to possibly
> uncover
> things we may have missed.
I don't know - I'm leery of separate "security analysis" documents. The 
security coniderations section approach is not particularly powerful, 
but it serves to get security issues documented in documents read by 
people with no special interest in security.
> Harald also said:
>
> I also note that we don't seem to have said anything about congestion
> management, something we have also discussed the need for earlier.
>
> [BA] Yes, that probably also should be included.
>
Suggested text?
>
>