Re: text/sandboxed-html from Robert O'Callahan on 2010-06-10 (public-html@w3.org from June 2010)

From: Robert O'Callahan <robert@ocallahan.org>
Date: Thu, 10 Jun 2010 17:24:36 -0400
To: Adam Barth <w3c@adambarth.com>
Cc: Artur Adib <arturadib@gmail.com>, Maciej Stachowiak <mjs@apple.com>, public-html@w3.org, Leonard Rosenthol <lrosenth@adobe.com>, Ian Hickson <ian@hixie.ch>
Message-ID: <AANLkTilptG21Kx3BpvSzi46X6vAR7cq1v9EAfgUF81Gx@mail.gmail.com>

On Thu, Jun 10, 2010 at 5:21 PM, Adam Barth <w3c@adambarth.com> wrote:

> I guess I don't understand the transition plan.  Would we eventually
> remove support for plug-ins that don't understand sandboxing?  If not,
> couldn't an attacker always use XYZ random plug-in to break the
> security properties?


Users that don't have XYZ random plugin installed (i.e. almost all users)
would be protected.

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]

Received on Thursday, 10 June 2010 21:25:05 UTC