Re: postMessage: origin serialized too early

On Tue, 14 Jul 2009, Thomas Roessler wrote:
> 
> So, moving away from the concrete use case, the (also soft) 
> counter-arguments are:
> 
> 1. Serializing two objects that don't compare as equal when it really 
> matters (i.e., two distinct unique origins) to the same string feels 
> like the kind of thing that, too, might lead to problems later on.
> 
> 2. Long random numbers are commonplace in cryptographic protocols and 
> don't cause trouble there -- why should they cause trouble here?  (In 
> fact, you probably don't even need hard-to-guess numbers here -- unique 
> identifiers that cannot otherwise occur as origins should be enough for 
> the security properties you're looking for here.)

In practice, random numbers expose data about the system state, which is 
one reason it's generally best to be more opaque.


> > > (Or, put differently, what - besides CORS and the Origin proposal - 
> > > is the use case for serializing opaque origins into "null" 
> > > throughout HTML5?)
> 
> > It's not a feature; there's no use case for it. It's just that we have 
> > to serialise to something to keep everything well-defined.
> 
> +1 to "serialize to something" -- though, as noted above, the idea that 
> two significantly distinct objects serialize to the same string strikes 
> me as likely to cause trouble.

I agree that this might introduce problems, but I think in practice it is 
just as likely to introduce problems if we actually expose some unique 
number than if we don't, so I'd really rather not expose the numbers. We 
can always extend this later by returning objects that serialise to null.

I'm not at all comfortable with exposing this data in a way that can be 
shared around, and since the use cases are very minimal, I'd rather just 
not worry about it and continue returning "null".

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 29 July 2009 00:44:44 UTC
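The practical consequence of the decision discussed above, as an added example that is not part of the thread or of any spec text: because every opaque (unique) origin serialises to the string "null", a postMessage receiver that compares event.origin against "null" cannot tell its own sandboxed widget apart from any other sandboxed frame or data: URL document. The allow-list, the sample events and the function names below are constructed for illustration; the MessageChannel wiring at the end is the browser-side pattern for the case where a page genuinely must talk to an opaque-origin frame of its own.

```javascript
// Added example (not from the thread). Shows why a receiver must never grant
// trust on event.origin === "null", and how to identify a sandboxed frame by
// a dedicated port instead of by its (unusable) origin string.

// Trusted tuple origins, scheme://host[:port]. Constructed for the example.
const TRUSTED_ORIGINS = new Set([
  "https://app.example",
  "https://admin.example:8443",
]);

// Naive check: the developer expected "null" to mean "our sandboxed widget".
// Every sandboxed <iframe> (without allow-same-origin) and every data: URL
// document also serialises to "null", so this accepts all of them.
function naiveIsTrusted(origin) {
  return TRUSTED_ORIGINS.has(origin) || origin === "null";
}

// Strict check: exact match against the allow-list. "null" can never match
// because it is not a tuple origin, and exact equality also rejects
// look-alikes such as "https://app.example.attacker".
function strictIsTrusted(origin) {
  return TRUSTED_ORIGINS.has(origin);
}

// Receiver logic factored out of the DOM listener so the decision can be
// inspected without a browser. Returns a result object instead of acting.
function handleMessage(event, isTrusted = strictIsTrusted) {
  if (typeof event.origin !== "string" || !isTrusted(event.origin)) {
    return { accepted: false, reason: `untrusted origin ${event.origin}` };
  }
  const data = event.data;
  if (!data || typeof data !== "object" || typeof data.type !== "string") {
    return { accepted: false, reason: "malformed message" };
  }
  return { accepted: true, type: data.type };
}

// Constructed stand-ins for MessageEvent objects. The two "null" events are
// what the receiver sees from two *different* opaque origins: the string
// gives it no way to tell them apart.
const SAMPLE_EVENTS = [
  { origin: "https://app.example", data: { type: "save" } },
  { origin: "https://app.example.attacker", data: { type: "save" } },
  { origin: "null", data: { type: "save" } },        // our own sandboxed widget
  { origin: "null", data: { type: "export-all" } },  // attacker's sandboxed frame
];

// Which sample events would be accepted under a given origin check.
function runSamples(isTrusted) {
  return SAMPLE_EVENTS.map((ev) => handleMessage(ev, isTrusted).accepted);
}

// Browser-side pattern for talking to a sandboxed frame the page created:
// do not identify it by origin at all. Hand the frame one end of a
// MessageChannel and trust only messages arriving on the retained end.
// `postToFrame` is assumed to be iframe.contentWindow.postMessage bound to
// the frame; targetOrigin must be "*" here, since "null" is not a valid
// targetOrigin. The capability is the port, not the origin string.
function wireSandboxedWidget(postToFrame, onWidgetMessage) {
  const { port1, port2 } = new MessageChannel();
  port1.onmessage = (ev) => onWidgetMessage(ev.data);
  postToFrame({ type: "init" }, "*", [port2]);
  return port1; // caller should close() it when the widget goes away
}

// Listener as it would be installed in a page (guarded so the file also
// loads under Node for the checks above).
if (typeof window !== "undefined") {
  window.addEventListener("message", (ev) => {
    const result = handleMessage(ev);
    if (!result.accepted) return; // ignore silently; do not reply to untrusted senders
    // ...dispatch on result.type...
  });
}

console.log("naive :", runSamples(naiveIsTrusted));
console.log("strict:", runSamples(strictIsTrusted));
```

Under the naive check both "null" events are accepted, so the attacker's sandboxed frame gets the same treatment as the page's own widget; under the strict check neither is, and the widget is reached through its port instead. Note also that the exact-match allow-list is what defeats the "https://app.example.attacker" sample; a startsWith or regex check would not.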