►
From YouTube: WebRTC WG Virtual Interim on June 4, 2020
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
B
B
B
Okay
and
this
meeting
is
being
recorded,
we
turned
recording
on
and,
of
course,
we'll
upload
that,
along
with
the
minutes
after
words,
okay,
so
here's
what's
on
the
agenda,
I'll
talk
about
the
state
of
simulcast
testing
Harold
will
then
present
insertable
streams.
We
have
a
weber,
CPC
security
issue
on
port
scanning,
which
I
will
talk
about,
and
then
sir
privacy
and
security
issues
relating
to
media
capture
and
streams
me
to
capture
output,
and
then
you
went
a
little
bit
about
automation.
A
media
capture
is
agenda.
B
B
It's
tricky,
of
course,
because
WPT
is
only
running
on
a
single
browser,
but
on
some
work
that
fit
though,
and
Florent
it.
We
do
have
sama
cast
loopback
test
now:
NW
PT.
So
there
were,
it
started
off
with
two
tests.
One
was
a
basic
loopback
test
which
sent
simulcast
and
then
through
some
STP
munging
received
it
on
browser,
and
that
demonstrated
the
ability
to
send
simulcast
and
also
to
receive
and
render
each
encoding.
B
And
so
in
the
test
we
tested
bp8
in
h.264
and
then
basically
the
coverage
here
was
we
tested
a
transceiver
to
create
the
multiple
encodings
and
then
we
were
essentially
testing.
The
ability
in
the
read
read
had
our
extension
and
then
receive
it
as
a
mid
header
extent,
kind
of
have
tested
those
code
paths,
and
then
we
had
a
get
stats
version
of
the
test
which
basically
then
retrieved
the
stats
and
demonstrated
that
the
that's
corresponding
to
the
writs
were
retrievable.
B
B
So
that's
how
we
started
out
and
then
the
next
question
that
Dom
asked
in
particular
was
can
how
far
can
end
this
WPT
test
coverage
to
test
assessed
functionality.
So
we've
had
some
a
couple
of
ideas
on
how
we
might
do
that.
One
just
to
have
codec
specific
to
make
sure
that
simulcast
works
for
each
of
the
video
codecs.
And
so
we
have
a
CL,
let's
land,
that
h.264
and
vp8.
Of
course,
we
can
probably
extend
this
to
test
vp9
a
v1
whatever
whatever
comes
in
it's
a
fairly
simple
change
to
do
that.
B
So
so
that's
one
Avenue
Romania
coverages
to
test
each
codec.
Another
aspect
is
whether
the
RTC
I'll
keep
the
encoding
parameters,
actually
what
we
think
they
ought
to
do,
and
so
one
of
them
was
to
one
idea
was
to
set
given
some
akash
james
to
active,
active,
true
or
active,
false
and
see.
If
that
does
what
it's
supposed
to
do,
so
we
have
a
CL
at
landed
to
do
that.
B
If
it's
false,
we
shouldn't
be
sending
anything.
So
we
testing
that
now
flipo
has
worked
on
a
test
for
max
framerate,
and
that
test
is
that
basically
test
at
setting
of
value
results
that
have
actually
less
than
the
one
we
requested.
The
test
that
was
submitted
had
an
issue
I
think
that
Harold
found
where
it
was
looking
at
the
aggregate.
It
wasn't
exactly
clear
in
all
circumstances
that
it
would
work,
but
we're
looking
at
updating
it
to
address
that.
B
So
I
think
we're
on
our
way
to
getting
a
max
framerate
test
in
and
I
guess
using
something
pretty
similar.
We
could
test
max
bitrate
to
see
that
it
set
a
value.
You
actually
got
a
bit
rate
less
than
what
you
asked
for
and
the
remaining
one
that
we
thought
in
this
category
was
scale
resolution
down
by
which
would
basically
try
to
see
that
we
got
a
resolution
that
was
approximating
the
one
we
asked
for
I.
Think
yonni
barrios
raised
some
issues
about
the
defaults
and
scale
revolution
down
by,
but
I
think
we
could
get.
B
We
could
try
this
one
as
well,
so
that's
kind
of
the
avenues
we're
exploring
now
to
get
better
coverage.
There
are
some
things
we
just
can't
test
in
WT
in
loopback.
You
don't
have
any
loss,
so
you
can
test
any
robustness,
stuff
and
so
no
RT,
x
or
red
or
fat
or
it's
of
course
you
can't
test
Interop,
because
there's
only
one
browser
unique
ID
for
that
do
we
have
any
comments
or
suggestions
from
the
group
of
other
things
that
we
might
think
about
to
get
better
Sam
with
house
guest
coverage.
D
D
When
we
had
that
discussion
in
India,
you
mentioned
most
of
the
time
the
simulcast
problem,
you're
getting
the
the
ticket
practically
all
are
related
to
the
media
server
as
well.
Right,
sometimes,
you
said.
Sometimes
I
got
ticket
against
Janice,
sometimes
I
get
ticketed
htc,
sometimes
I
get
to
Kate
about
this
this
this,
and
that
you
did
something
we
still
want
to
put
on
the
table
and
have
at
least
for
the
open
source.
B
Well,
I
think
this
isn't
a
substitute
for
kite
s.
It's
just
that
and
if
there
are
armed
so
I'm
not
saying
we
shouldn't
do
those
still
do
those
kite
s,
I
think
they
should
be
done,
but
what
we
were
finding
is,
if
you
look
through
the
bugs,
there
were
very
basic
things
caught
and
we're
actually
ending
up
in
sometimes
in
depth.
Depth
final
releases
like
that
not
test
back
I'm,
a
very
basic
thing
so
and
we
did
find
through
the
simulcast
s.
B
B
I
mean
yeah,
so
I
think
I
think
the
kite
tests
are
still
needed.
First
system
I
mean
like,
for
example,
if
anybody
is
actually
building
an
application,
they'd
be
kind
of
insane
to
not
do
an
end-to-end
kind
of
a
test
to
make
sure
the
whole
system
was
working.
D
Yeah
and
another
question:
if
I,
maybe
this
one
might
be,
maybe
for
Henrik
in
the
latest
crumb,
there
is
actually
stats
for
simulcast
that
yes,
Mac
makes
a
difference
based
on
SSRC
and
and
I.
Think
here
we
speak
about
making
a
difference
based
on
our
ID,
so
I
don't
know
which
way
we
want
to
do
or
if
it's
actually
very,
very
clear
in
the
spec.
Damn
I'm
worrying
about
the
ab1
implementation,
for
example.
Also,
so
do
we
attach
the
stat?
So
how
do
we
segregate
the
different
layers?
That's
the.
E
C
B
D
To
encourage
identify
where,
where,
if
the
spec
is
going
in
one
direction
and
not
the
other,
because
I
know
different
browser
implemented
if
ur,
enslaver
and
different
as
if
you
implement
different
flavor,
but
not
not
all
of
them,
implement
both
SSRC
and
and
their
ID
and
em
ID.
So
what
what
is
spec
saying
is
the
spec
saying
we
need
to
support
it
all
the
cases
or
is
the
spec
saying
we
should
do
one
way
and
not
the
other,
just
a
clarification.
Question
well,.
B
C
B
C
B
As
a
practical
matter
out,
there
I
mean
we
have
an
open
issue
which
we're
gonna
talk
about
at
some
point
about
how
to
the
problem
is
what
we're,
in
our
current
test,
we're
testing
that
we
can
retrieve
the
stats
right,
we're
not
testing
that
the
stats
actually
make
any
sense
right.
That's
a
that's!
A
kind
of
a
bigger
question.
A
B
A
B
Okay,
so
maybe
we
can
have
in
the
notes
to
the
meeting
we
want
to
explore,
maybe
how
to
test
the
sanity
of
stats,
maybe
extending
some
of
these
ideas
to
do
that
for
the
SSRC,
as
well
as
for
the
rid
how
about
that
as
a
resolute
for
going
forward.
Okay,
I
think
that
might
be
Henrik.
Do
you
agree
that
might
be
this
I
mean
I?
Have
this?
We
have
this
open
issue
of
how
to
test
whether
this
that's
actually
work.
B
C
C
F
B
That
is
the
plan
clip.
We
still
need
the
kite
test
to
demonstrate
that,
but
what
we
found
in
these
WPT
tests
is
there
was
a
lot
of
air
very
basic
stuff
that
wasn't
working
okay,
so
at
that
kind
of
foundation
and
stuff,
because
if
you
don't
even
cast
yourself
stuff
set
into
someone
else,
but
yes,
we
do
absolutely
it's
kind
actor
Alex,
dr.
Alec
word
is
going
to
be
an
important
part
of
ära
are
going
to
yeah
yeah.
D
D
I
hope
they
won't,
but
anyway,
that's
a
different
question
if
the
editors
or
Dom
require
me
to
rerun
the
test
before
the
end
of
the
year
to
have
some
data
specifically
on
simulcast,
we
are
available,
of
course,
do
not
hesitate,
but
we're
not
we're
not
running
them
on
the
weekly
basis.
For
the
time
being
so,.
B
From
the
kite,
and
probably
we
wouldn't
need
once
we
get
these
basic
simulcasting,
we
can
evaluate
the
pass
rates
and
ones
once
I
think
we're
close
to
passing
on
all
on
a
bunch
of
browsers.
So
we
get
the
weekend
star
bike,
probably
not
good,
to
wait
till
the
last
minute
as
we
might
find
stuff
that
needs
well
to
be
fixed.
B
A
Insertable
stream,
so
won't
warrior
with
repeating
this,
that
the
sign
and
the
details
we've
got
that
the
previous
beliefs
so
just
rehash.
This
is
inserting
JavaScript's
nothing.
The
web
application
insert
itself
between
the
and
encoding
step
and
an
outgoing
transport
and
between
the
incoming
transport
and
the
decode
step.
Next
time.
A
So
chrome
has
implemented
it's
available
if
you
turn
on,
expect
enable
experimental
web
platform
features
and
available
as
an
original
trial
for
anyone
there.
Any
website
that
wants
to
register
to
use
it
on
all
chromate.
Three
users
do
who
uses
it
and
hit
C
those
are
using
it
for
ender
and
additional
family
tree,
and
a
number
of
people
are
doing
and
a
number
of
experiments
for
other
things.
You
can
do
when
you
have
access
to
this
particular
point
in
the
chain,
for
instance,
adding
tag-along
data
for
for
AR
and
systems,
I.
A
Know
who
has
been
explaining
of
the
spec
document
that
conform
roughly
to
what's
in
chrome,
84,
which
is
try
to
change
from
A
to
G?
We
still
need
more
brain
worked
with
Dom.
What's
metadata,
you
need
in
a
in
addition
to
to
having
device
of
the
frame.
That's
metadata
that
you
need.
I
was
going
to
do
the
right
right
things,
because
not
everything
is
obvious
from
the
thing,
a
method
that
they'll
need
on
the
incoming
site,
because
again,
not
everything.
That's
obvious
from
the
from
the
Bison
app
a
in
a
fail.
A
So
two
questions
that
are
the
the
big
question
in
front
of
the
group
today
are
is:
can
we
adopt
this
as
a
working
group,
deliverable
document
as
a
starting
point
board
and
creating
an
API?
We
all
can
agree
on
agree
on
line
increments
for
this
purpose,
so
we're
not
put
out
the
call
for
consensus
and
I
would
say
the
feedback
on
the
list
has
been
positive.
So.
A
You
can't
change
the
metadata.
You
get
instructions
that
this
is
a
size.
This
is
a
keyframe
business,
a
number
of
other
things
and
that's
information
that
they
always
get.
It's
not
something
you
can
change
and
there's
no
interaction
with
the
feedback
signals.
That
is
when
transport
lco,
he
you
selling
selling
too
much
data
that
goes
back
to
the
codec.
The
regular
say
this
turnout
and
you
must
give
doesn't
see
that
signal
and
counts,
modify
that
signal
which
what
means
that
it
might
be
completely
wrong
for
some
applications
for
this
API.
A
A
G
Yeah
Eric
where's,
Carla
I,
can't
really
send
this
list,
but
I
figured
by
trolls,
same
person,
I
mean
so
as
a
mechanism
for
doing
manipulation
of
some
of
the
things
you
suggest,
you
know
rate
adaptation
or
you
know,
adding
metadata.
This
seems
like
totally
reasonable,
but
they
said
which
this
is
a
tenon
friend
an
encryption
that
seems
like
less
reasonable,
so
I
mean
I.
Have
another
number
of
concerns
here
on
some
of
which
I
think
this
one
raised
Eric.
B
G
Though
my
impression
of
what
was
a
rooves,
actually,
it
was
actually
saying
slightly
different.
We
could
talk
about
that
separately.
Yeah,
so
I
mean
I.
Think
I.
Think
I
should
be
clear,
like
I'm
a
hundred
percent
in
favor
of
end
encryption.
I
think
that's,
that's
that's
pretty
obvious,
but
you
know
this
particular
variant
of
it.
I
think
has
like
a
number
of
like
you
know,
like
not
amazing
properties.
First,
you
know,
first
of
all
like
the
key
management,
they
could
be
ooh.
G
Actually,
the
selfie
cam
and
her
problem,
if
you
actually
own
biggest,
abandon
encryption
and
having
the
keys
in
JavaScript,
is
like
pretty
like
not
amazing,
so
I
mean
if
they're
working
Plus
to
work
on
like
in
an
encryption
that'd
be
great
but
like
having
sort
of
like
this
is
a
partial
put,
an
encryption
without
like
a
commitment
or
an
end
of
it.
Rest
of
it
seems
like
actually
I
have
some
pretty
high
risk
of
a
huge
cotton
or
worse
equal
than
we
are
now.
G
You
know
on
you
know,
even
within
the
Assumption
set
that
you're
doing
that
on
the
crypto.
Sorry
that
the
key
management
javascript.
You
know
this
particular
design
is
not
amazing.
So
first
books
of
breaks
isolated
streams
on
any
kind
of
impact
base.
Any
kind
of
story
you
could
make
about
information
flow
tracking
about
the
data
goes
because
it
data
has
to
get
reacts
built
out
into
in
these
on
in
these
objects.
G
So
I
think
you
know
I'm
and
ii
because
it
frankly
encourages
roll
your
own
crypto
and,
like
you
know,
we
keep
being
reminded
about
how
about
evaluated.
Let
people
roll
their
own
crypto.
You
know
most
recently
with
zoom
I'm
in
East
EB,
so
you
know,
and
and
of
course
criminal
Azzam
is
a
self,
not
a
great
idea,
because,
while
it
isn't
really
built
for
doing
you
know,
you
know
costing
time
of
cryptography,
so
I
mean
I.
G
Think
if
you
want
it,
if
a
purpose
of
you
know
having
this
be
support
and
in
crypto
or
so
is
what
you're
looking
for
what
you
want
is
to
be
able
to
have
and
I
think
you
on
had
this
in
issue,
maybe
seventeen
you
know
you
want
to
have
an
extra
a
canned
like
pod
that
takes
in
a
key
and
guarantees
that
script.
G
We
have
a
processing
to
a
specific
protocol,
not
like
a
general
like
heroes
like
an
escape
hatch
to
JavaScript
on
on
so
on,
because
I
guarantee
is
very
confined
minute
guarantees.
The
protocol
is
correct
on
so
on.
You
know,
I
can
see
a
bunch
of
resolutions
here,
but
I
think
the
resolution
where
this
is
adopted
it
houses-
this
use,
K
has
a
listed
use
case
and
and
is
not
a
good
one.
A
A
A
G
I
F
F
Stream
proposal
and
the
JavaScript
version
as
something
like
a
short,
a
very
short
term
solution,
and
we
should
definitely
be
sure
that
we
have
a
long
term
word
map
that
can
build
upon
and
constants
have
the
crypto
built-in
in
the
in
the
browser
and
that,
but
it
would
be
so
easy
to
use
that
everybody
will
switch
to
that,
or
at
least
all
the
good
people
will
switch
to
them.
We
cannot
just
stop
at
the
first
step,
which
is
to
let
people
implement
end-to-end
encryption
just
in
pure
JavaScript.
J
G
Guess
my
port
would
be
like
that.
My
proposal
would
be
to
adopt
this
document,
but
remove
the
encryption
piece
which
has
no
actual
semantic
impact,
but
stops
encouraging.
People
did
something
which
you
think
was
not
good
practice
going
forward
and
I'm,
not
saying
you
can't
do
it
I'm
saying
it's
encouraging
it
and
thus
avoids
the
situation
that
we
did
suggest
that
we
are
endorsing
that
as
the
final
solution
is
appropriate
and
solution,
but
we
should
work
on
that
so
migrate.
A
C
G
What
is
it,
what
that
point
out
is
the
natural
extension
as
I
understand
it
to
this
API,
which
is
dad
there.
Why
I
mean
the
what
what
you
would
expect
to
do
if
I
understand
if
I
understand
it
correctly,
is
that
we
could
simply
invent
a
kind
of
doodad
I'm,
not
sure
what
they
call
pod.
What
are
you
calling
turbo
streams?
You
call
them?
Oh
I,
don't
know
you
call
intern
transformers
a
transformer
like
built-in
transformer.
G
You
know
crypto
j
s
frame
transformer
and
that
would
fit
not
very
naturally
into
this
framework
and
in
fact
you
could
polyfill
that
right,
so
so
I
think
I
think
I
mean
there's
a
fairly
natural
bridge
of
that
and,
as
you
know,
there's
been
some
work
working
on
short
stories
and
look
at
ITF
in
terms
of
doing
s,
frames,
Messam
specification,
so
I
mean
I'm.
G
No
particular
I
haven't
thought
about
a
serve
enough
to
really
know
if
I
see
exactly
the
right
thing
on,
but
I
I
think
like
I,
guess,
I
guess
one
well
I'm
sad
about
it
as
I
say.
Is
this
implication
that,
like
that,
like
you
know,
I
mean
this?
Is
this
is
like
the
the
term
we
user
is
recommendation
and
the
idea
that
we're
gonna
recommend
this
is
a
practice,
seems
like
extremely
like
unsound,
so.
A
G
E
B
G
Mean
means
that
means
I
mean
I.
Think
it's
clear
like
that.
The
design
where
you
polyfill
in
JavaScript,
like
is
trusted
JavaScript
right
I
mean
like
it
is
the
the
design
where
you
you
know
the
design
were
you.
You
know
where
you
supply
the
Keen
material,
the
internship,
the
module
is
like
I,
don't
know,
semi-trucks
JavaScript
per
than
I
went
back
and
forth.
G
G
It's
actually
quite
complicated
and
it
really
depends
on
whether
you
have
like
you
know:
yes
are
I
and
whether
you
have
like
and
I'm
like.
Are
you
doing
MLS,
or
are
you
doing
basically
as
des
oh,
you
know
right.
So
it's
really
quite
hard
to
hard
to
heart.
Art
on
you
know,
I
guess
like
like
I
guess,
oh,
and
you
feel
like
like
this
seems
like
a
kind
of
a
thing
which
has
like
dermo
value.
G
Well,
I'm
trying
to
do
is
avoid
us
getting
into
a
bad
equilibrium
point
where,
like
everyone's
like,
hey,
we
have
like
end
in,
but
actually,
when
you
look
at
it,
when
you
look
at
me,
people
either
coverage
you're,
like
hey,
have
GM
really
sad
about
that.
So
that's
the
goal
on
trying
to
avoid,
but
I
think
like
this.
Obviously
I
saw
the
use
cases
I.
Think
the
other
advantage
by
the
way
of
you
know,
researchers
on
alluded
to
trying
to
scope
are
some
other
modules
would
be.
G
We
would
help
us
determine
which
of
these
limitations
that
were
Harold
indicated
are
actual
bad
limitations
at
which
ones
are
like
you
know,
which
ones
which
ones
not
level
right,
as
opposed
to
like
just
baking
it
in
and
being
like
two
months
two
years
down,
the
road
people
try
to
build
with.
It
were
like
a
flock.
K
L
K
G
Obviously
we
also
need
to
figure
out
at
some
point,
I
think
whether
we're
in
a
like
what
the
what
the
right
venue,
if
we're
trying
to
think
about
the
real
you
know,
a
full
and
end
solution
would
be
I
know
that
for
a
minim
hears
about
MLS
in
the
browser
from
from
both
Google
from
likes
a
number
of
no
from
from
the
consumers
of
this
of
MLS
in
summer
technologies,
as
well
as
from
browser
vendors,
I,
know,
I've
talked
I've
talked
to
I'm
mad
about
this
and
I
know
we're
interested
so
I,
don't
know
where
the
half
that
would
go,
but
we
started,
but
like
doesn't
cover
sugar
I've
had
lies
that
gets
more
mature.
A
G
And
like
I'm
frankly,
I
mean
III
didn't
catch.
What
you
said,
burn
are,
but
I
mean
the
same,
probably
about
less
right.
He's
like
it's:
okay
to
have
like
a
mouse
in
the
browser,
but
the
next
that
happens
just
like
that's
like
the
stuff
gets
rendered
to
the
DOM.
And
now
it's
like
it's
like
it's
like
it's
like
it's
like.
That's
a
actually
a
much
harder
poem
from,
alas
than
it
is
for
us.
G
I'm
gonna,
go
some
hand
waving
about
it,
but
I
think
it's
like
like
I,
don't
know
if
Richard
Hammond
we're
gonna,
bring
my
hand
waving,
there's
nothing
very
good
right
right:
okay,
thanks,
oh
well,
I
guess,
I'm!
Sorry,
happy
I
can
read
of
some
that
my
car
IIIi
know
that,
like
you
know,
to
see,
if
CN
tomorrow,
but
like
alright,
my
some
comments
today
in.
Why
would
I
sit
here
and
I
think
align
what
we
just
talked
about
I'm,
also
thank
you
happy
to
submit
it
submit
a
PR
to
the
explainer.
Okay.
B
C
A
A
Back
in
January
there
was
an
article
or
two
about
using
WebRTC
for
TCP
port
scanning
and
usually
nothing
any
websites
on
the
web.
Scan
your
TCP
ports
is
not
considered
is
a
good
for
security,
so
at
some
level
the
Browse
who
made
this
needs
to
say
you
have
released
TCP
port
I'm,
not
giving
it
to
you,
and
so
I
tried
to
write
up
some
words
to
add
to
the
document
saying
yeah.
The
browser
can
refuse
to
do
what
you
wanted
and
then
I
found
that.
A
Well,
we
need
to
define
what
does
the
browser
do
when
it
refuses
to
do
what
they
wanted.
So
I
could
do
two
things
that
were
obvious,
one
which
was
easier
to
test,
but
the
other
we
could
the
easily
testable
one
is
if
you
ask
first
thing
that
the
browser
does
not
know.
They're
also
throws
matter
in
your
face,
deletes
Marion's
piece
of
information
that
history
requests
likes,
that
some
as
the
P
entries
and
so
on,
and
they
just
say
it's
no
very
loudly.
A
That's
much
harder
to
test
I
think
I
have
a
proposal
that
we
could
extend
them,
that
from
test
server
to
allow
us
to
test
this.
But
this
it's
kind
of
ugly,
so
I
thought
I'd.
Ask
the
working
group
for
advice
on
this.
One
which
approach
should
we
take
when
it
comes
to
saying
no
way
if
your
truck,
if
you
try
to
scan,
though
the
poorest
in
the
world,
it's
not
going
to
happen.
A
Is
a
list
in
the
pitch
spec
that
contains
like
give
four
different
IRC
ports,
the
export
most
of
the
services
listed
in
a
EDC
services,
yeah.
B
G
Yeah
well
so
so
here
I
guess
trying
to
decide
between
these
two.
What
I'm?
What
I'm
trying
to
think
about
is
what
is
the
what's
the
probability,
the
legitimate
endpoint
which
generate
one
of
those
ports
and
if
the
probability
is
even
remotely
high,
then
error
return
is
gonna
cause
like
a
bunch
of
bad
bad,
surprising
failures
if
the
properties
below
them,
like
your
return,
looks
awesome
so
I
just
don't
know,
that's
that
question
that
seems
like
like.
G
A
G
Oh
I'm
totally
going
to
have
a
more
expansive
port
list.
I
guess
but
but
like
what
I'm
worried
about
is
like
is
like
this
is
I
understand
what
you're
saying
is.
If
I
had
you
know,
50
kick
if
I
had,
you
know
safe,
they
said.
Let's
take
the
example
of
like
a
comic
off
a
call
site
right
which
gives
you
which
gives
you
you
know
a
TCP
hit,
Oh
a
centralized.
You
know
I
slight
guy,
so
it
gives
you.
You
know
a
TCP
port
in
the
EVP
pork.
G
So
don't
know
if
you
can
get
UDP
through
the
tunnel
right
on
and
it's
like
you
know,
97%
of
people
or
whatever
the
number
is
we'll
be
able
to
get
the
UDP
working,
and
if
that
fact,
that,
like
one
out
of
a
hundred
times,
picks
a
forbidden,
TCP
port,
then
then,
and
that
causes
call
fail.
You're,
really
a
call
for
your
100
times,
whereas
you
know
if
it.
G
If
it
only
fails
that
that
that
address
then
you're
in
a
call
fail
your
you
know,
100
times
0.03
times,
which
is
a
lot
any
100.3
times
a
lot
better
right.
So
I'm
just
right
figure
out
how
you,
like
you
know
what
the
impact
is
like
is
this
gonna
be
a
really
hard
to
debug
in
the
field.
G
If
we
have
a,
if
we
have
a
if
we
have,
if
we
have
a
hard
fail,
I
mean
he's
not,
but
that's
why
that
I
can
I,
don't
feel
strongly
about
I'm
trying
to
raise
the
issue
make
sure
people
follow
through.
A
If
someone's
trying
to
diagnose
a
port
fail
and
connect
failure
doesn't
connect
for
all
sorts
of
reasons.
That's
why
we,
what
they
see,
is
so
totally
things
fancy
about
what
it
tries
to
connect,
and
so,
if,
if
it'll
go
for
the
failure,
then
ok,
this
candidate
fail.
Let's
try
another
one
to
go
for
the
silence
them
well,
you
said
anything:
a
bunch
of
other
candidates,
away
a
source.
The
connections.
M
Hey
Harold,
I
think
for
application,
Diagnostics
right
for
third-party
developers
to
understand
what's
going
on.
It
would
be
really
beneficial
to
be
explicit
here
right,
whether
something
failed
because
of
some
policy
or
something
failed
because
of
a
real
Network
issue.
Right
does.
This
might
be
very
beneficial.
Although
here's,
the
question,
are
we
actually
planning
to
standardize
the
list
of
ports
that
will
be
under
this
policy
or
it
will
be
out
of
four
other.
E
A
G
G
We
can't
work
on
them,
I'm,
just
I'm,
just
saying
like,
like
you
know,
it's
been
until
like
until
like
right
this
moment,
it's
impossible
to
write
a
totally
conformant
thing
which
would
talk
to
over
to
you
based
browser,
but
ever
reading
a
w3c,
spec
right
and,
and
so
if
this
would
have
a
property
change
unit,
and
so
that
would
be
accessing
some
desirable
I
mean
like
I'm,
not
saying
I,
don't
I
don't
get
in
the
list
and
I've
got
an
enquiry
code
in
the
document
I'm
just
saying
we
should
make
a
copy
over
an
idea.
B
Yeah
part
of
the
problem,
Eric
is
that
there's
so
many
ports
that
couldn't
be
used
to
do
very
nasty
things
like
as
an
example,
many
PBX
is
used
port
8080.
So
one
of
my
concerns
about
this
is
having
any
fixed
list
is,
is
still
going
to
leave
some
pretty
nasty
vulnerabilities
out
there
and
that
the
kind
of
meaning
and
I
know
I
realized,
that's
complication,
because
it
means
you
need
to
have
some
kind
of
policy
or
something
you
know.
Different
enterprises
may
want
to
push,
have
different
forbidden
ports
listed
ya,
know.
A
C
If
we're
talking
about
blocking
explicit
ports
or
just
blocking
because
you've
tried
a
million
different
candidates,
then
it
makes
sense
to
just
fail,
because
you
can't
use
the
failure
as
a
port
scanning
and
there's
no
harm
in
rejecting
the
operation.
Thank.
But
if
we're
talking
about
more
in
general,
like
trying
to
port
scan
with
ice
ports
that
are
open
on
another
endpoint
that
don't
speak
ice,
then
it
might
make
sense
to
just
fake
your
timeouts
so
that
you
can't
tell
that
there
is
another
endpoint
with
the
port
open
there
or
something
I'm,
not
sure.
A
A
F
A
N
F
Okay,
next
slide
media
capture
automation.
So
we
all
know
that
testing
is
hard
and
testing
catches.
The
media
and
related
children
like
anime
devices,
divide
change,
play
constraint,
bla
bla
bla
really
hard,
but
it's
really
beneficial
for
browser
vendors.
That's
also
for
website
offers
that
can
ensure
that
their
website
is
learning
fine.
F
Maybe
when
catches
a
meteorite
with
all
the
mighty
changes
to
be
able
to
play
police
this
so
being
able
to
test
that
is
good
constraints.
Matching
is
also
very
important,
and
we
know
that
probably
we
might
have
some
interviews
in
the
way
we
are
matching
constraints,
device
change
event,
I'm,
not
sure
that
we
have
any
tests
where
and
lately
we
added
quite
a
bit
of
rules
related
to
any
innovative
devices
and
how
it's
doing
filtering
and
so
on,
and
these
are
things
that
are
pretty
hard
to
test.
F
So
the
proposal
is
basically
to
add
a
dedicated
webdriver
API,
so
I
drafted
like
six
months
or
maybe
a
little
bit
more
now
ago,
a
spec
that
is
basically
defining
such
a
webdiver
API.
So
you
can
control
whether
getusermedia
will
reject
or
not
you
can
add
and
remove
fake
devices,
and
you
have
some
limited
control
of
tech
devices
capabilities.
F
What
this
API
it
does
not
have
is
things
like
specifying
the
content
generated
by
fake
devices.
So
for
that,
that's
the
basic
idea
of
there
is
to
keep
the
proposal
very
simple.
Also,
access
to
real
devices
is
currently
out
of
scope
of
this
API.
So
I
started
to
talk
a
little
bit
about
that
with
some
people
and
they
they
were
interested
so
I'd
like
at
the
end
of
the
day
that
we
start
working
on
that
in
a
more
standard
way.
F
B
Just
speaking
for
myself,
even
I
think
it
would
be
useful.
A
lot
of
that
actually
WPT
test
failures
we
have
today
are
as
a
result
of
not
having
this
API
I.
Think
there's
a
lot
of
spurious
test
failures
that
we
get
and
in
particular,
if
we're
gonna.
You
know,
because
of
all
the
changes
we've
made
in
the
numerator
devices
and
stuff
I
think
it
is
important
to
be
able
to
test
this.
E
C
Because
WP
tease
like
what,
with,
while
speaking
for
WebRTC,
we
kind
of
got
around
it
by
just
automatically
accepting
prompts
and
which
is
not
perfect
and
doesn't
cover
all
the
cases.
But
in
terms
of
proving
that
most
of
the
API
is
work
we,
it
was
good
enough
to
not
have
a
webdriver
API
for
getusermedia
I.
Think
it's
more
important
to
have
a
webdriver
API,
but
I
also
think
that
we
are
closer
to
being
complete
I.
L
A
F
B
F
Okay,
so
media
capture,
output,
I,
guess,
is
the
name
of
a
spec,
so
we
have
an
API
that
allows
to
set
the
speaker
for
a
given
media
element.
So
it's
called
HTML
media
element
set
sync
ID
and
it's
it's
working
time,
but
it
has
some
limitations.
The
first
limitation
is
that
you
need
to
get
device
IDs
right
to
to
select
which
device
you
you
are.
F
You
currently
chrome
gives
IDs
so
speaker
IDs.
If
camera
or
microphone
access.
This
grant
is
basically
which
is
working
fine
for
typical
web
conferences.
But
selecting
speakers
is
something
that
is
a
bit
wider
than
web
conferences
and,
for
instance,
webcasts
I
know
yours
is
the
case
where
you
start
just
listening
and
you
don't
want
to
give
camera
or
microphone
access
and
at
some
point
maybe
you
will
want
to
talk,
but
you
use
Moo
I'd
still
want
to
select
your
headset,
for
instance,
so
we
have
this
limitation
there
next
slide.
F
So
the
proposal
there
is
instead
of
PG
backing
on
microphone,
microphone
and
camera
access.
We
should
basically
palm
the
user
first
for
selection
on
the
right.
You
can
see
a
prompt
there,
which
is
actually
a
screenshot
of
what
the
phone
app
on
iOS
is
allowing
you
to
choose.
It
would
be
great
if
the
browser
could
somehow
implement
that
allow
the
user
to
select
which
device
and
then
return
the
result
as
an
ID.
So
I
I
see
two
different
options.
There.
F
One
is
a
new
API,
so
basically
you
add
like
an
API
which
is
select
audio
output.
So
the
webpage
wants
the
user
to
select
a
speaker.
It
returns
a
dump
train
and
then
you
can
use
setting
ID
on.
However,
HTML
media
element,
you
actually
want
to
to
set
the
speaker.
Of
course.
If
the
device
is
selected
there,
then
it
can
be
exposed
in
any
way
devices
list.
F
Is
basically
oh,
we
have
HTML
media
elements
and
seek
ID
if
the
ID
that
is
given
to
setting
ID
is
not
in
the
list
provided
by
element.
Advices
static
ID
will
currently
reject
and
we
can
change
the
spec
so
that
if
the
ID
is
null
and
define
or
not
in
the
list,
then
the
browser
should
prompt
and
we
will
be
back
to
now.
F
So
they
are
trade
off
between
both
approaches.
The
second
option
there's
no
need
for
a
new
API.
The
first
option
is
nicer
in
some
sense,
if
you
think
that
maybe
in
the
future,
you
actually
want
to
have
way
about
you
as
well,
so
in
in
that
case
you
might
need
it
might
make
sense
to
use
selected
your
input.
F
F
L
Sorry
I'm
home
here,
so
the
set
sync
ID
having
that
be
asynchronous
already,
is
good
and
the
right
now
there's
no
penalty
for
calling
it
so
having
it,
and
if
we
changed
it
so
that
they
would,
the
JavaScript
basically
risks
showing
a
prompt
that
might
actually
be
a
deterrent.
That's
similar
to
using
getusermedia
today
to
prevent
people
from
sniffing
IDs
that
make
sense
yeah.
F
L
And
I
think
I,
don't
know
if
you're
gonna
get
to
persistence
of
IDs
but
I
think
a
current
proposal.
It
says
in
the
spec
that
the
ID
IDs
that
are
not
listed
in
the
numerator
devices
will
not
work
with
sensing.
Kaiji
I
have
some
concerns
with
that
because,
for
instance,
some
browsers
persist
permission
very
easily
and
others
so
for
other
browsers,
some
websites
might
get
into
into
a
pattern
assuming
that
they
have
IDs
on
a
revisit
even
before
they've.
L
You
know
if
you
store
an
ID
in
local
storage
and
you
revisit
the
page
if
it
works
in
some
browsers,
because
of
permissions
are
more
permissible
there,
but
not
in
others.
That
would
be
a
web
compact
problem.
So
I
think
you
would
be
more
reasonable.
So
if
you
have
a
local
storage
ID,
even
if
it's
not
listed
in
the
numerator
devices,
if
we
could
still
allow
it
to
work
with
set
sync
ID
B,
this
might
work.
F
Then
I
understand
it
currently,
if
you
load
the
page,
the
innovative
devices
list
will
be
empty
or
contain
one
camera
one
microphone,
and
that's
all
no
no
speakers,
so
you
will
will
stay
with
that.
That
approach,
which
means
that
there
will
be
no
issue
there
will
be
a
prompt.
Basically,
if
you
try
to
reuse
an
existing
item
in
all
cases,
no
matter
the
permission
model
of
any
part.
F
L
So
me
again
on
the
persistence.
So
it's
true
today
that
you
don't
get
any
devices
in
the
numerator
devices
for
camera
microphone
B.
You
can
still
use
a
stored
device
ID
that
that's
not
showing
up
in
the
list.
You
can
still
use
that
as
a
constraint
and
getusermedia
and
have
that
work
correct.
So
so
it
should
be
similarly
possible
here.
I
think,
what's
that
sync
ID,
if
that's
possible,
then
I
like
it.
F
C
F
F
C
C
E
C
N
F
L
F
C
A
M
Some
some
extra
thoughts
from
my
side
as
well
so
public,
so
there
should
be
a
way
for
application
to
have
control
over
which
device
it
chooses.
For
example,
right,
even
if
you
are
seeing
some
broadcast
right
or
just
hearing
to
broadcast,
you
want
to
play
it
out
right
and
you
application
sees.
There
are
multiple
outputs
devices
attached
to
computer
like
a
headset
speaker
phone
as
well
as
for
application.
M
I
can
have
some
smartness
too
site
on
behalf
of
user,
which
one
of
them
to
use
right
and
the
only
thing
that
application
misses
is
actually
users
permission
to
go
and
enumerate
those
output
devices
right.
So
we
really
just
need
a
way
to
get
a
permission
and
then
to
enumerate
not
like
using
the
system
dialog
that
you've
have
a
screenshot
here,
un,
but
but
just
internally
to
enumerate
devices
right.
Wouldn't
that
be
a
scenario?
Are
you.
F
If
you
look
at
what
the
privacy
working
groups
or
community
group
is
actually
trying
to
draft
the
addressing
various
approaches
to
protect
again
privacy
and
fingerprinting
issues-
and
there
are
various
approaches-
they
are
like
approaches-
hey
a
CSS
property
that
says
paint
I
can
blue
it
as
a
camera.
That's
that's
something
that
is
very
protective.
M
M
Cities,
but
not
necessarily
right
application
on
behalf
of
the
user,
can
make
a
smarter
choice
or
at
which
present
the
list,
as
it
believes,
would
make
more
sense
for
the
user
right
user.
Of
course,
you
should
have
a
chance
to
like,
for
example,
right
front
facing
back
facing
camera.
So
when
you
do
a
real-time
call,
right,
you're
highly
likely
to
use
the
front
facing
camera
right,
so
you
should
put
that
first
in
the
list.
Potentially
right,
not
the
second,
you
see
I.
F
F
M
F
I
F
F
F
F
So
sensing
light
is
great,
but
basically
for
most
applications.
It
requires
calling
static,
ID
on
all
media
elements
and
plus
there's
no
Web
Audio
API,
yet
plus
there's
no
third-party
I'll
frame
control.
And
if
you
look
at
the
typical
case,
the
typical
case
is
that
an
application
will
only
use
one
single
audio.
F
F
But
in
most
cases
most
of
the
content
will
go
to
just
one
output
and
it
might-
and
it's
already
surfacing
somehow
in
operating
system
right
in
operating
system.
You,
you
know
which
one
is
the
main
one
that
is
being
used.
Of
course,
an
application
can
decide
to
override
that
and
use
something
else,
but
usually
all
applications
are
using
the
same.
The
same
audio
output,
so
I
think
it
would
be
good
that
next
slide.
We
actually
allow
a
web
page
to
do
the
same
thing.
F
My
understanding
is
that
it's
simpler
for
most
web
pages,
it's
less
error-prone.
It's.
It
also
allows
web
browsers
to
optimize
things
to
be
able
to
present
to
users
at
waist
level.
What
the
audio
output
of
this
page
is,
which
is
nice
and
for
some
operating
system,
it's
so
much
easier
to
internet
as
a
first
step,
like
all
the
audio,
we
go
in
only
one
output
for
the
whole
page,
any
feedback.
F
F
A
K
L
F
L
Okay,
it
could
you
clarify
the
last
point,
because
you're
saying
that
third
fourth
party
iframes
would
also
are
you
saying
iframes
within
that
page,
whether
they're
third
party
or
not,
would
also
be
affected
by
this
yep?
Okay,
so
you're
not
advocating
for
a
knife
in
control
of
this
feature
other
than
you
know
not
/.
F
L
See
I
think
there's
a
separate
discussion
here
about
whether
iframes
should
be
given
the
permissions
policy
to
call
society
themselves,
but
by
default
they
would
hopefully
not
have
that
ability.
If
we
do
that
and
then
it
would
be
bound
to
what
the
default
is
in
the
top-level
domain.
That
sounds
good
cool,
yeah
I
like
that.
F
A
F
A
L
So
that
starts
most
of
WebRTC
sites
that
I've
tested
actually
have
some
constraints
like
a
min
and
Max,
so
for
them
to
build
their
own
device.
Pickers.
If
you
go
into
there
are
some
settings
on
the
site
they
would
in
order
to
enforce
the
same
constraints
like
nothing
below
six
4480,
for
example,
to
build
a
picker
they'd
need
all
this
information
so
that
they
can
filter
out
the
list
of
tissue,
but
it's
a
trouble
of
fingerprinting
information,
so
that
would
be
good
to
get
rid
of
so
I.
Guess
it's
just
the
only
question
here.
L
F
That
said,
I
see
some
value
so
I'm
not
against
it,
because
we
haven't
implemented
yet
I'm,
not
against
removing
it.
I
think
that
in
terms
of
fingerprinting,
somehow
it's
fine
because
you
exploit
your
device
and
I
in
general.
I
prefer,
since
we
had
a
media
device
info
I
prefer
that
it's
we
have
the
gate.
Capabilities
at
the
media
device
info
level,
then
add
the
media
stream
track
level,
but
we
have
at
both
currently
so.