W3C home > Mailing lists > Public > public-device-apis@w3.org > February 2011

Re: Communication Log (was: Rechartering Device APIs & Policy Working Group)

From: Robin Berjon <robin@berjon.com>
Date: Thu, 10 Feb 2011 12:26:54 +0100
Cc: public-device-apis <public-device-apis@w3.org>
Message-Id: <8F33F7EF-3D27-4786-9A8C-2F22B23157D0@berjon.com>
To: Bryan Sullivan <blsaws@gmail.com>
Hi Bryan,

On Feb 10, 2011, at 04:08 , Bryan Sullivan wrote:
> On the browser-based email case I did not mean to misquote you

Are you saying that you meant to misquote me on the other emails? ;-)

> , I
> thought you said that "The problem that we keep returning to is that
> we can't find a use case justifying accessing my mailbox from inside
> my browser."

Okay, I see what's unclear here. When I go to GMail, I access information that I deliberately placed and decided to manage there. It's a single service managing data directly. With CommLog, managing that data is potentially exposed to anyone. If I go to evil.com and they trick me into agreeing to expose CommLog, they've got all my email  and that's quite possible because we don't have much of a decent security model for this sort of data.

It gets worse. If I download a signed, reviewed, policy-defended widget that I want to use as my email client then a single, very simple programming error will essentially make all of my email available to an attacker, simply if I open an email he sends me. Why? Because in Web Apps XSS attacks are trivial. See http://berjon.com/blog/2011/02/harmful-trust.html.

Not only do I think that this is a bad idea, but I think that your company, if planning to offer this sort of functionality, should think long and hard about it.

Now I'm not saying that I wouldn't want to make it possible to use web technology to write email clients, in fact I'd love to have my email handled by a host of small web apps used together, each specialised in small things done well (filtering, listing folders, displaying, authoring, etc.). I have yet to see an email client that I don't profoundly dislike and that would rock.

The problem is, we don't at this time have the security model to make that happen.

> I would not propose things that would not "work" in browsers. It will
> work, it's only a question of whether the browser vendors can (or
> really, would) expand their UI/security paradigms to support the use
> cases driving our interests.

It certainly is about security. But that's not just a problem for the browser vendors!

-- 
Robin Berjon - http://berjon.com/
Received on Thursday, 10 February 2011 11:27:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:17 GMT