The WebRTC guys were really, really, against this. They wanted P2P data channels to always be available, saying that a permissions dialog would confuse people and be too pervasive.
But when I asked for a concrete example that doesn't involve audio or video, I literally got "suppose you are using the web UI on a refrigerator, you might want a data channel to go direct to the fridge instead of to the webserver". At least BitTorrent is a more reasonable example.
Furthermore, data channels break the security model of a browser just using HTTP as configured, as WebRTC bypasses your proxy settings without notice.
WebRTC data channels should NOT be enabled by default and should cause a dialog, as shitty as that is. My approach is to disable it and stick my head in the sand and hope it'll go away, but people seem irrationally excited about it. Basically WebRTC right now is shittier than NetMeeting (1996) but "cool".
I was just addressing (nitpicking?) your characterisation of the browser security model. Some protocols do use the HTTP proxy settings, but eg mail and news protocols don't. Granted those have been phased out of many browsers, but traditionally the browser security model was never "everything goes through HTTP proxies".
Off the top of my head I can't think why WebRTC wouldn't work with normal SOCKS proxies though, like NNTP and mail protocols did.
Probably because adding full networking to browsers is an old topic and probably never gonna happen due to the abuse concerns mentioned.
Plus permissions dialogs sorta don't work, especially for something like networking. "This page wants to use the Internet: Allow?" would just confuse the hell out of users. The alternative, acknowledge that WebRTC data should be a really limited use case, doesn't appeal to the authors/implementors.
But when I asked for a concrete example that doesn't involve audio or video, I literally got "suppose you are using the web UI on a refrigerator, you might want a data channel to go direct to the fridge instead of to the webserver". At least BitTorrent is a more reasonable example.
Furthermore, data channels break the security model of a browser just using HTTP as configured, as WebRTC bypasses your proxy settings without notice.
WebRTC data channels should NOT be enabled by default and should cause a dialog, as shitty as that is. My approach is to disable it and stick my head in the sand and hope it'll go away, but people seem irrationally excited about it. Basically WebRTC right now is shittier than NetMeeting (1996) but "cool".