►
From YouTube: IETF97-RTCWEB-20161116-1520
Description
RTCWEB meeting session at IETF97
2016/11/16 1520
A
A
A
A
Apparently
you're
going
to
have
to
read
this
in
korean.
It's
still
the
note.
Well,
it
just
happens
to
be
the
note.
Well
incur.
Actually
we
might
be
paying
more
attention
to
it,
because
now
really
the
RFC
53
78,
really
pops.
Doesn't
it
right?
I
remind
you
that
whether
you're
here
in
seoul
in
chicago
in
prague,
in
where
that
we're
going
after
that
seem
to
recall
this
applies.
If
you're
going
to
get
up
and
talk,
you
have
to
be
aware
of
your
duty
to
disclose
any
IP
are
relevant
to
your
contributions.
So
really.
A
D
F
B
A
Related
to
Jay
set,
then
we'll
do
IP
handling
effect
and
then
draft
code
called
Copeland
urgency.
Web
PDP
IDP
because
its
author
is
leaving.
The
current
theory
is
that
on
Friday
we
will
handle
any
overflow
items
from
today's
meeting.
There'll
be
a
new
puppy
picture,
I
swear,
it
might
be
otters.
The
river
puppy
will
go
into
the
overview
draft
and
security
architecture
grounds.
Now,
of
course,
if
we
finish
today,
you
get
Friday
back.
So
you
have
that
inducement.
I
believe
the
first
order
of
business
is
Cullen.
G
G
We
will
explain
in
the
bundle
draft
how
you
get
from
that
to
an
end
section.
We
won't
talk
about
specific
terminology
that
would
be
used
in
the
J
subtract.
Then
in
the
J
sub
draft
will
refer
back
to
the
bundle
draft,
because
we
already
do,
and
we
will
also
say
that
you
know
once
you
get
it
to
the
right
m
section
that
corresponds
to
a
transceiver
and
now
you
know
what
to
do
it.
G
So
that's
if
that's
mostly
just
a
here's,
how
we're
going
to
move
the
text
around
and
clarify
it
a
little
bit,
not
change
the
other.
The
algorithm
change
that
with
that
opposing
making
is
right.
Now,
if
you
have,
you
can
use
the
payload
type
as
a
hint.
If
you
don't
have
any
other
information
to
know
which,
in
line
that
should
go
to
you,
don't
have
SSRC
signaling
or
you
don't
have
that
any
mids
in
the
packets
or
something
you
can
use
the
payload
type
to
figure
out
which
M
line
to
send
it
to.
G
If
the
all
the
payload
types
are
unique
across
every
in
line
and
what
the
giraffe
says
right
now
is
that
if
it's
not
unique
across
all
the
in
line,
so
you
go
to
the
first
one
and
the
change
that
we're
proposing
making
is
to
say
that
if
it's
not
unique,
you
discard
the
packet.
If
you
don't
know
which
one
it
is
because
Magnus
pointed
out
that
this
was
just
like
a.m.
G
you
know,
non
sensible
location
if
you're
trying
to
deem
oxys
things
based
on
payload
types
and
your
payload
types
aren't
unique
across
the
pay
lot,
that
M
lines
like
something's
gone,
really
badly
rock
and
when
something's
gone,
really
badly
wrong.
Just
letting
it
sort
of
work
in
some
weird
way
is
probably
not
the
right
answer.
Probably
getting
an
error
like
having
it
not
work
would
be
better.
So
that's
the
only
proposed
change.
I
think
it's
pretty
minor
I've
gone
through
that
with
I.
Think
a
lot
of
the
people
would
probably
be
worked
up
about
it.
G
They
must
seem.
Okay,
I
think,
I.
Think
it's
pretty
minor
change
that
it's
not
cause.
You
think
so
two
questions.
You
know
people
alright
with
that
basic
technical
change
composing
and
to
the
algorithm
and
then
the
other
question
is
you
know
in
any
objections
to
this
basic
idea
of
doing
these
two
PRS
I
want
to
get
these
reviewed
pretty
quickly
afterwards,
I
mean
I,
know
people
can
agree
to
them.
Do
they
see
them?
But
that's
that's
the
basic
plan,
any
objections,
excellent,
okay,
Peter
and
I
will
keep
working
on
that
and
thank
you.
G
I
John
really
apart,
Renata
boba
says
this
mean
Petey
overlap
is
illegal
and
bundle
and
as
on
the
previous
topic,
sorry,
I
missed
the
comment
and
the
answer
is
no.
It
means
that
you
actually
have
to
use
mid
like
you're
supposed
to
and
not
try
to
use
PT
/
quickie
if
you're
doing
PT
overlap.
You
have
to
use
mid,
but
you
have
to
use
mid
anyway.
So
that's
not
a
huge
hardship.
C
C
Next
slide
or
option
is
considered
next
solution,
a
invalidate
all
all
all
the
all
the
offers.
Every
time
you
call
create
off,
you
can't
do
any
little
hole
stuff,
no
changes
to
Krista
code,
that's
really
nice!
They
saw
almost
everything
we
say
here
apply
to
create
answer
to
next,
or
we
could
say
that
when
you
commit
to
offer
when
you
lose
that
local
description,
then.
J
C
Hey,
that's
good,
give
it
and
the
objection
we
had
the
solution
be
was
that
if
the
first
slide
describes
a
problem,
this
does
this
still
has
the
problem.
So
it's
caught
that
next
solution
see
well
remove,
set
remove
that
local
description,
it's
a
stupid
call
anyway.
Instead,
we
should
make
a
call
saying,
call
or
offer
well
the
problem
with
that
is
that
it
requires
rewriting
every
every
application
existence
which
is
kind
of
not
popular
anymore.
C
Next
and
of
course,
then
we
come
up
with
solution
d,
which
is
kind
of
like
solution,
see
that
is
backwards,
compatible
yeah
backwards.
Compatibility
of
that
so
subtle
local
description
does
something
interesting.
It
will
do
what
create
offer.
It
will
set
the
local
description
to
what
create
of
created
last
and
the
story,
and
of
course,
that
means
that
colon
great
office
could
actually
be
made
optional.
Why
should
you
do
it?
The
turn
out
to
be
one
little
wrinkle,
Pierre
answer
with
Pierre
answer.
C
C
So
scratch
it,
so
we
thought
yeah
we
can
make
it
make
it
good.
I
mean
this
is
for
orientation,
because
this
is
strictly
a
WebRTC
matter.
It's
just
a
matter
of
the
shape
of
the
IP
of
the
API,
not
it's
not
about
what
anything
that
goes
into
jsf
at
all.
They
kind
of
subtle
this.
The
thing
we're
suggesting
is
that
and
create
local
description,
invalidates
all
previous
offers
and
a
way
we're
suggesting
it
should
be
done
in
the
API.
Is
we
actually
pass
it
behind
the
scenes
set?
C
So,
instead
of
having
set
local
description,
take
an
argument
assess
yes,
the
sdp
first,
what
kind
of
operation
of
the
earth
men
always
be?
You
just
say
what
kind
of
operation
is
this
so
apply
that
across
browsers
for
backwards
compatibility
sake?
Next
slide,
we
say
if
you
have
an
offer:
okay,
we'll
eat
that
too,
and
take
the
argument
outlets
and
if
you
send
us
a
long
as
the
P
will
complain
and
next
time
around
we'll
make
it
illegal.
Because
that's
what
you
do
after
having
complained
for
a
while
and.
C
Next
time,
so
the
nice
thing
is
that
no
app
gets
broken
for
anything
that
is
guaranteed
to
work
today.
There
are
cases
where
things
might
have
worked
today,
we're
not
sure
why
there
should
ever
work,
but
might
they
might
have
work
today
where
they
will
love
now
we're
broken,
but
then
they
were
not
guaranteed
to
work
anyway,
and
the
last
thing
is
this:
the
app
gets
simpler.
C
Let's
back
yet
simple,
will
cook
up
a
pull
request
between
us
to
the
WebRTC
spec
and
get
that
in
there
if
we're
not
cut
down
by
missiles
of
fire
from
the
room
hand
from
Justin
okay.
Next,
it's
a
bit
increase
it.
Yes,
but
since
we
want
to
be
backwards,
compatible
names
are
going
to
the
strange
lose
a
few.
Next.
C
C
L
C
G
So
it's
Colin
I
was
going
to
mention
the
role
actuator
well
coverage,
and
I
saw
I
like
this
solution.
It
sounds
like
a
good
path
to
me,
but
what
win
it?
You
know,
the
answer
doesn't
just
set
the
local
stp.
It
start
sending
stuff
with
the
new
local
stp.
So
does
the
timing
of
things
change,
I
mean
the
timing
like
when
is
the
timing
of
when
you
start
using
that
new
thing
and
Union
proposal
deep?
Is
it
when
you
called
create
offer
or
when
is
it
or
is
it
when
you
call
the
set
answer
when.
G
C
M
C
Me
mumble,
because
create
offer
in
have
have
remote
description.
State
should
not
do
anything
sensible,
I
forget
whether
the
spec
actually
assess
that
it's
the
Turner's
matter.
What
that
crazy
answer
should
create
offer
shouldn't
be
possible
to
do
insert
in
there
in
the
habitable
description
states,
rights.
M
Is
because
the
way
sort
of
simple
current
code
works
is
that
whether
you
call
create
offer
a
create
answer?
You
can
just
pass
whatever
you
get
back
into
set
local
description,
you
don't
actually
you
know
your
code
may
not
need
to
know
whether
it's
an
offer
or
an
answer.
Now.
Your
code
needs
to
know
whether
it's
an
offer
an
answer
and
get
it
right.
It's
open.
N
N
E
K
Don't
we
want
to
make
sure
that
if
the
application
thinks
it's
passing
in
like
X
that,
like
it's
not
going
to
get
X
that
like
something
breaks?
Yes,
we
should
so
I
have
the
buckle
at
them.
So
basically,
whatever
the
last
thing,
the
last
argument
to
create
offer
what
if
they
either
create
offer
Korean
secrete
answer
or
whatever
the
last
thing
that
was
called
we're
going
to
assume
that's,
what's
being
passed
into
that
local
description.
O
Yes,
here's
Thatcher
well
I
think
it
would
work
that
if
you
passed
an
offer
they
would
apply
the
last
offer
you
created.
If
you
passed
an
answer
it
called
you
would
apply
the
last
answer
you
created,
you
wouldn't
call
create,
offer
and
then
pass
an
answer
and
expect
the
percent
local
description
answer
and
expect
the
offer
to
be
applied.
Yeah
that.
O
K
C
K
K
Elin
yeah
I
mean
the
fact
that
egg
that's
a
local,
is
Miller
quite
the
mirror
of
set
remote,
I
think,
is
kind
of
heading
down.
You
know
a
complicated
path
like
I
think
we
should
fix
the
problem,
we're
sort
of
charge
to
fix
here
and
not
decide
that
we're
going
to
let
go
remodel
like
the
kitchen
while
we're
at
it.
G
Lost
on
what
the
problem
is
that
we
think
this
salt,
because
it
seems
to
me
that
the
case
you're
talking
about
here
already
if
we
didn't
change
anything
in
the
draft
when
you
went
to
apply
that
it
would
say
like
the
generation
of
this
SDP,
doesn't
match
the
preview
that
the
generation
of
the
the
create
offer
like
like
this
is
wrong.
I
mean
you
modified
the
SDP
in
a
way.
That's
not
allowed
so
I
believe
I'm,
not
seeing
what
change
your
actually
proposing.
I
believe
the
draft
currently
creates
an
error.
G
G
A
generation
of
sdp
and
then
you
generate
another
generation
of
stp
when
you
set
local
the
current
text
that
says
you're
not
allowed
to
change
the
sdp
will
go
whoa
dude.
That
stp
is
changed
because
it'll
have
a
different
things
in
it
and
it
won't
work
a
bit
and
it's
the
version
number
that
will
have
rotated.
N
C
G
The
problem,
all
you
see
the
problem
with
all
of
your
solutions:
is
they
ignore
roll
back,
so
it
makes
it
a
little
bit
harder
to
analyze
these,
but
I
think
this
is
right
on
create
offer
but
wrong
on
create
answer,
but
I
don't
know
again:
I'm
I,
guess
I
I
favor,
the
the
simplest
version
of
fixing.
This
would
be
something
that,
generally,
that
an
error
when
you
passed
in
sdp
that
was
not
a
rollback
and
not
not
the
most
recent
thing.
Yeah.
It
had
been
changed
since
the
most
recent.
G
K
Adam
rose,
I
want
to
come
and
speak
up
in,
and
you
know
I
know
that
this
is
a
bike
shed,
but
I
wanted
to
speak
in
favor
of
that,
because
I
think
what
we
found
here
is
there's
a
circumstance
that
everyone
thought
it
said
something
someone
discovered.
It
said
something
else
and
we
should
just
make
it
say
the
thing
we
all
thought
it
said
in
the
first
place,
because
anything
else
is
just.
O
Well,
just
to
remind
ourselves
of
we
had
almost
the
exact
same
discussion
on
Monday
and
there
was
concerns
over
breaking
existing
apps.
So
we
decided
to
have
a
study
group
or
whatever
we
called
it,
and
the
study
group
came
back
and
said:
yes,
we
can
do
a,
but
if
we
do
this
tweak
to
the
API,
we
can
roll
out
change.
That
would
prevent
breaking
anybody.
O
K
O
Well,
if
you
look
at
the
slides
that
have
the
steps,
if
we
basically
tell
app
developers
to
use
a
slightly
different
API,
where
they
pass
in
the
type
instead
of
the
whole
session
description,
then
after
that
point
we
can
start
rejecting
things
and
it
will
give
them
time
to
switch
over
to
a
state
where
they
wouldn't
blow
up
great.
But
I.
K
Get
if
we
tell
them
to
if
we
need
to
tell
them
to
change
their
behavior,
then
we
can
do
whatever
we
want.
This
is
for
people
whose
code
is
already
written.
It
will
not
change
behavior,
yeah,
yeah,
Adam
Roche,
again,
not
to
put
too
fine
a
point
on
it,
but
the
code
that
was
doing
that
doesn't
work
in
firefox
anyway.
O
So,
just
to
be
clear:
if
we
don't
care
about
breaking
anybody,
then
we
wouldn't
have
needed
the
study
group
at
all.
We
would
have
gone
with
a
which
is
kind
of
what
we
decided
on
Monday,
but
we
did
the
study
group
for
breaking
not
breaking
anybody,
but
if
it's
true
that
you're
there
already
broken,
then
all
right
who's
do
a.
F
B
K
K
K
K
There
is
a
specific
discussion
around
r-tx
and
how
at
some
points
with
the
over
RT
t
is
low,
RTX
may
be
in
fact
be
preferable
to
using,
in
fact
on
also
when
using
on
later
codex,
such
as
vp8,
it's
advisable
to
only
protect
the
base
layer
as
opposed
time
to
protect
the
entire
video
stream.
I
also
clarified
the
implementation
requirement
of
what
exactly
browse
or
implications
need
to
support.
K
Also,
there
was
a
lot
of
discussion
from
Magnus
and
Stefan
post
on
how
the
max
read
parameter
for
a
marsh
be
handled.
I'm
ex
was
kind
enough
to
send
me
a
link
to
the
document
for
GBP,
where
it
describes
how
that
should
be
set,
and
that
is
now
codified
into
document
that
max
read
must
be
filled
in
when
you're
using
AMR
just
indicate
how
much
effect
the
decoder
can
handle,
but
that's
pretty
much
the
totality
the
changes
and,
as
such,
I
think
this
document
is
ready
for
a
last
call.
A
A
K
K
Basically,
in
response
to
that,
I've
tried
to
respond
to
I
think
the
concern,
which
was
that
there's
a
bit
of
an
assumption
made
here
about
the
bold
text
that
was
did
not
go
over
well
and
the
new
text,
while
being
a
bit
longer,
tries
to
sort
of
not
make
any
specific
requirement
exactly.
How
in
plantations
need
to
behave
and
just
give
one
example
of
here's
how
someone
might
want
to
handle
the
sort
of
the
complex
problem
about
getting
actually
consent
for
network
enumeration.
So
all
night
I
won't
read
this
out
loud
I'll.
K
But
that
is
the
only
slide
here
that
was
the
most
contentious
topic.
You
know
from
the
last
time
we
talked
about
it,
I
hope
this
new
text
will
sort
of
satisfy
the
concerns
that
were
brought
to
the
mic.
If
this
seems
okay,
it
would
be
great
to
get
some
feedback
on
that
there
is
so
this
document
is
pretty
close
to
being
ready
for
a
last
call.
There's
still
some
mechanical
stuff
I
need
to
do
to
include
the
appropriate
RFC
2119
language,
but
this
was
like
the
biggest
open
issue.
E
A
G
Culinary
I
I'll
say:
I
I
will
be
what
I've
said
with
no
ask
for
the
working
group
to
change
anything
but
I
mean
I.
I
always
had
viewed
the
beginning.
Access
to
use
a
camera
implied
granting
access
to
my
network
as
sort
of
like
hysterically
bad
but
I
don't
have
a
better
suggestion
and
I
like
Duke
and
I
I
can
live
with
this
I'm.
Not
you
know,
I
don't.
I
don't
agree
with
it,
but
I
think
I've
said
my
piece
before
and
it's
been
heard
and
I'm
done.
P
This
is
DK
j
@
similar
to
Colin
I.
You
know,
network
location
is
an
entirely
different
thing
from
access
to
the
camera
conflating.
The
two
seems
very
weird
to
me:
I
agree
most
strongly
in
this
text
here
about
the
underlying
issue
is
complex
and
difficult
to
explain,
making
explicit
consent
for
enumeration
troublesome,
so
I
don't
have
any
fixes.
P
The
guidance
I
would
like
to
see
is
if
people
could
think
through
an
experiment
with
some
kind
of
attempt
to
use
public
network
addresses
and
then
gradually
fall
back
to
things
that
might
be
more
sensitive,
but
I
realized
that's
going
to
be
worse
performance
initially,
which
is,
of
course
not
what
people
want
to
see
so
I,
don't
I,
don't
know
how
to
recommend
a
fix
for
this.
Unfortunately,
but
it's
it's
I'm
still
not
happy.
A
K
K
A
Okay,
so
in
that
case
you
would
you
would
not
do
the
possible
candidate
gathering
until
some
form
of
user
consent
has
been
provided.
The
problem
is
exactly
what
the
form
of
user
consent
to
provide
when
we
don't
have
like
a
great
model
in
our
minds
for
hi.
Would
you
like
to
understand
and
deep
detail
just
how
user
sensitive
the
various
locations
that
you
might
be
revealing,
given
different
IP
addresses
to
a
user?
So
I
guess
that
let's
go
back
to
the
line,
since
I'm
wandering
off
of
clarification
there
ever.
N
N
Yet
the
behavior
and
both
these
texts
describe
exactly
the
same
in
exactly
the
same
behavior
and
so
Franco
I
thought
we
had
agreement
that
this
was
the
behavior
on
and
and
we
were
only
debating
what
how
we
ought
to
rationalize
it
and
and
find
its
prime
time
on
that.
But
I'm
actually
disappointed
see
us
real
litigating.
Yet
again
what
the
behavior
would
have
been
on
so
I
believe
we
had
contested
on
this
I'd
like
to
change
the
rule
discussion
of
what
the
behavior
ought
to
be
otoscope.
A
Cut
rd
with
my
chair
hat
on
I,
don't
think
that
this
discussion
is
necessarily
relitigate,
but
it
is
important
that
the
language
actually
be
clear
to
any
application
were
vendor
on
what
this
actually
means,
and
so
all
of
this
work
that
says,
hey
you've
got
to
get
some
form
of
consent,
actually
is
a
change
from.
It
is
specifically
to
get
user
media
consent.
A
You
must
get
right
because
it
is
now
opening
up
the
possible
possibility
that
you
might
have
a
different
form
of
consent
that
you
are
using
instead,
for
example,
data
channel
concept
right
so
I
think
we've
we
we
have
to
look
at
this
as
kind
of
a
whole
package.
We
can't
go
back
and
say:
okay,
we've
got
the
idea.
Does
this
reflect
the
idea?
Because
it's
really
these
the
details
are
here?
What
are
important?
We
all
agree.
We
want
consent.
The
question
is
given
that
we
don't
have
a
specific
consent
for
IP
location.
Q
Alisa
Cooper
so
not
relocating
the
actual
recommendation,
I'm
just
trying
to
I'm
just
thinking
about
when
this
goes
through
IHG
evaluation
and
what's
going
to
happen
and
I
think
the
way
that
the
text
is
phrased
about
getusermedia
consent
might
benefit
from
a
small
adjustment
that,
instead
of
being
in
this
in
some
ridiculous,
instead
of
being
in
the
passive
voice,
explain
it
as
like.
This
is
how
the
user
agent
might
justify
such
a
choice,
because
it's
it's
they're
sort
of
it's
sort
of
subtly
making
an
argument
for
why
that's
a
good
choice.
Q
The
way
that
I
read
this,
which
is
kind
of
weird,
because
the
actual
recommendation
is
we're
not
going
to
tell
you
how
to
do
this.
But
then
it's
that
it
says,
here's
a
way
that
it
could
be
done
and
here's.
Why
that
that
way
is
good.
Whereas
there's
going
to
be
a
bunch
of
debate
about
whether
that
way
is
good
or
not,
and
that's
why
it's
not
actually
being
normatively
recommended,
and
so
it
would
be
better
or
to
sort
of
project
onto
the
browser
and
say
this
is
why
11
might
justify
it.
K
I
I'd
like
to
a
slightly
different
point,
first,
welcoming
up
the
side
that
the
answers
may
attempt
to
that,
but
so
I
think
you
say
gathering
should
only
be
done
once
can
you
have
consent?
I
would
argue
that
act.
The
actual
important
thing
is
that
the
results
of
gatherings
will
be
presented
through
the
API.
If
you,
you
know,
as
a
browser
think
I'll
get
it's
very
high
probability,
there
will
be
consent,
I'm
going
to
start
pinging.
This
turn
server,
so
that
once
the
user
clicks
on
consent,
it's
ready.
I
H
Good
idea,
so
not
in
thompson.
I
think
the
coach
is
going
to
address
that
point.
I
was
getting
up
to
offer
some
suggestions
from
my
long
and
hard
experience
with
dealing
with
permissions
and
consent,
and
things
like
that
and
then
they'll
be
through
C
side
of
things.
There's
been
a
lot
of
discussions
there.
H
It's
quite
clear
that
different
browsers
have
different
attitudes
towards
the
way
that
they
ask
for
consent
and
the
way
that
they
consider
signals
from
the
user
in
particular
ways,
and
this
text
I
think
with
the
friendly
amendments
that
alyssa
was
talking
about,
goes
some
way
to
to
addressing
that.
The
first
sentence,
the
rest
of
it,
particularly
that
second
sentence
a
problematic,
but
the
key
here
is
that
we
I
think
we
yeah.
We
must
have
a
must
on
that
first
sentence
and
that
this
is
about
the
browser
making
a
decision
about
whether
that
consent
exists.
H
P
There's
there's
multiple
partners
that
you
may
not
want
to
leak.
Your
IP
address
information
to
one
of
them
is
the
potential
communicant
that
you're
talking
to
you
and
the
one
is
the
turn
server
right.
You
haven't.
You
have
a
list
of
local
IP
addresses
that
you
shouldn't
just
randomly
publish
to
arbitrary
websites
that
ask
for
them.
So
please
please
do
not
release
his
information
without
user
consent,
so
yeah,
sorry.
This
is
daniel.
Con
gilmore
from
aclu.
A
A
K
K
A
A
Okay,
and
so
if
you,
if
you
use
that
as
the
parallel
I'm
perfectly
happy,
because
I
agree
with
you
that
in
that
case,
the
relay
addresses
is
probably
not
sensitive
in
the
same
way.
But
the
fact
that
somebody
tries
to
get
me
to
join
a
particular
app
community
or
call
in
the
pokerstars
sense
shouldn't
send
the
data
about
where
I
am
to
that
person
correct.
That's,
that's
all
I'm
getting
at
it.
If
you
want
to
say
if
you
want
to
make
it
under
that
requirement,
I'm
hat.
N
N
O
Yeah
I
wave,
the
Peter
Thatcher
I,
was
just
going
to
ask
about
Martin's
comment
that
they
should
must
be
a
must.
If
it
is
a
must,
then
this
phrase
is
basically
saying
that
you
must
not
gather
all
possible
candidates,
but
that
could
be
achieved
just
by
not
gathering
one
candidate
right.
So
it's
not
a
very
strong
list.
H
Okay,
so
so
to
Peter's
comment
then
fixed
the
sentence.
We
have
some
rules
along
the
lines
of
the
which
categories
of
candidates
forum
into
which
part
of
things
actually
state
in
this
sentence,
which
ones
are
safe
together
in
the
absence
of
consent
of
any
form,
write
that
down
and
then
we
move
on
I
got
up
to
point
out
something
that
I
needed
to
say
in
the
earlier
statement
was
one
of
the
concerns
that
comes
with
this,
this
choice
of
design,
this
choice
of
why
we're
not
actually
going
to
tell
you
what
conditions
consent
come
with?
H
Is
that
you
don't
have
any
determinism
in
in
your
API
just
making
that
very
clear
that
people
writing
applications
to
the
api's
will
now
have
less
certainty
about
what
it
is
that
they
can
expect
from
an
implementation
that
provides
this
API
with
respect
to
what
IP
addresses
and
IP
addresses
they're
going
to
get
under
certain
conditions.
So
if
we
explicitly
said
getusermedia
are
sufficient
and
you
release
all
the
IP
addresses
on
getusermedia,
then
you
would
know
that
you
call
getusermedia
get
consent
for
that,
and
then
you
would
have
all
the
IP
addresses.
H
But
we're
saying
here
is
the
browser
decides
what
signals
are
necessary
and
that
maybe
signals
of
all
sorts.
It
may
be
that
the
user
has
to
move
this
their
mouse
in
counterclockwise
three
times
to
to
get
permission
to
use.
These
IP
addresses
right,
so
I'll,
point
out,
I
point
this
weakness
out
and
then
I'll
also
point
out.
H
There
is
consensus
in
the
w3c,
at
least
to
the
extent
that
I
can
determine
an
employee
there's
any
chairs
engulfed
in
this
process
over
there,
that
this
is
okay
for
all
forms
of
permission
on
the
browsers,
so
just
letting
that
information,
local
80,
so
non
determinism
in
terms
of
what
it
means
to
get
a
permission
is
entirely
acceptable
for
all
forms
of
permission.
So
non
determinism
is
embraced
wholeheartedly.
Yes,
especially
from
the
permissions
is
my
prayer.
Oh
yeah,
yeah
non
determinism
is
actually
really
good
for
solving
hard
political.
Q
H
So
there
is
something
different
in
this
case.
We
have
what
we,
what
I
would
call
established
social
norms
around
the
requirements
to
give
consent
for
a
camera
that
has
been
well
established.
We
have
plenty
of
examples
in
the
sort
of
implementations
that
are
out
there
and
there's
basically
established
expectations.
That's
less
the
case
here.
P
This
is
TK
j,
so
prompted
by
the
rules,
lawyering
I,
think
at
about
whether
this
is
a
strong
must
or
not.
If
we
turn
it
into
a
must,
it's
also
not
a
strong
must
because
of
the
some
form
of
user
consent,
as
is
similar
to
sort
of
what
what
bargain
was
saying,
but
maybe
worse,
if
a
user
consents
to
say,
allow
pop
up
windows
from
this
website
is
that
some
form
of
user
consent.
We
have
to
worry
about
some
implementer
thinking
that,
because
pop-up
windows
are
allowed,
we
can
also
do
IP
address
enumeration
I.
H
B
R
N
R
N
N
Right
right
now,
we
don't
do
it
right
so
right
now
the
browser
behavior
is
to
give
out
house
candidates.
If
you
don't
at
the
moment
right
so
we're
talking
at
so.
The
point
is
we're
talking
about
removing
that
behavior
and
replacing
it
with
one
where
we
only
give
a
house
candidacy
either
you
had
a
camera
microphone
or
there
were
some
pop,
sometimes
yeah,
and
specify
any
comprehensible
pop
up,
which
you've
asked
you
to
consent
to
I.
R
N
A
So
my
understanding
is
that
we're
going
to
get
a
PR
from
Alyssa
if
you'd
like
to
provide
a
competing
PR
you're
welcome
to
do
so
work.
The
two
of
you
would
like
to
collaborate
on
a
CRM
of
course,
happy
about
that
as
well,
but
ultimately
we're
going
to
have
to
have
that
the
text
and
agree
on
the
specific
text,
because
it's
pretty
clear
that
when
we
try
and
discuss
it
from
first
principles,
we
stay
unhappy.
M
Dan
burnout,
I
agree.
I
was
actually
going
to
reiterate
what
alyssa
said,
which
is
that,
basically,
all
we
can
really
do
here
is
state
that
we
require
user
consent.
We
can
maybe
give
different
conditions
under
which
we
want
different
levels
of
user
consent,
but
for
the
most
part
we
cannot
say
how
that
user
consent
is
to
be
obtained.
M
I've,
always
given
the
example
that
someone
could
actually
download
a
different
browser
where
the
consent
is
given
in
the
downloading
and
installation
of
that
browser,
and
that's
been
true
for
the
camera
and
microphone
access
specifically
by
all
this
time.
If
you're
blind-
and
you
expect
to
use
your
browser
to
do
only
audio
interaction,
you
may
actually
install
a
custom
browser
that
always
has
your.
Your
microphone
live.
Okay
and
that's
always
been
acceptable.
I
think
the
same
thing
is
true
here.
E
And
wendy
seltzer,
just
acknowledging
martin's
comment
on
non
determinism.
Yes,
it's
non-deterministic,
because
users
have
different
preferences
and
for
some
users
that
this
data
will
be
the
IP
data
will
be
sensitive
enough,
that
they
want
to
get
it
on
a
different
set
of
considerations
and
whether
that
means
that
they're
using
extensions
that
give
them
greater
control
or
choosing
different
browsers
that
that
give
them
greater
control.
They
will
have
a
different
experience
and
their
experience
of
RTC
may
be
worse,
but
their
experience
of
privacy
will
better
match
their
preference.
K
Yeah,
just
specifically
on
that
topic,
I
know
the
brave
browser
has
an
anti
fingerprinting
mode
went
in
that
mode
I.
The
actually
is
no
there's
even
with
consent.
No
local
actresses
are
exposed,
and
so
like
they're
already
in
some
non
determinism,
depending
what
browser
you're
running
on
for
how
this
actual
gathering
process
a
little
complete,
I,
don't
think.
That's
really
an
issue.
A
S
This
this
draft
is
about
requirements
related
to
the
authentication
step
of
web
RTC,
especially
when
they
are
IDPs
involved
in
the
setup
of
the
communication,
and
so
the
the
authors
of
the
draft
have
done
some
use
cases.
Of
course,
a
main
input
of
this
use
cases
for
somebody
serving
it
is
a
web
RTC
architectural
security
draft
which
has
sections
about
IDPs,
but
not
only
also,
there
are
multi
parties,
so
let's
put
the
possibility
to
set
up
a
call
between
different
domains
and,
for
instance,
an
example
of
use
case
inside
number.
S
S
Okay,
so
typically
what
they
are
afraid
of
the
song.
Some
kind
of
I
would
say,
user
concerns
requirement,
as
they
are
afraid
that
their
IP
are
there
a
email
identifier
leaks
within
as
the
identity
assertion
when
the
identity
assertion
he's
done.
Another
type
of
concerns
I
have
is
at
the
be
party
which
is
called
may
want
not
to
be
called
again
by
the
a
party
so
that
they
would
like
some
kind
of
again.
S
Privacy
regarding
their
identify
us
as
a
correct
part
and
regarding
the
requirements,
I
think
also
basically,
to
sum
up-
they
want
to
be
able
to
configure
and
as
a
privacy
on
a
per
core
basis
and
also
on
a
pair
IDP
basis.
So
this
is
the
example
for
the
call
center.
I
think
the
next
example
in
this
size
for
is
on
the
same
about
the
same
vein.
So
basically,
this
is
a
summary
of
of
this
line.