W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2013

Re: Do we need Connectors between javascript and security software at personal device?

From: Daniel Veditz <dveditz@mozilla.com>
Date: Thu, 14 Feb 2013 09:05:22 -0800
Message-ID: <511D1952.8090901@mozilla.com>
To: Mountie Lee <mountie.lee@mw2.or.kr>
CC: public-webappsec@w3.org
On 2/13/2013 11:12 PM, Mountie Lee wrote:
> can we image WebAppSec JS API detect antivirus software is running or not?
> can we image WebAppSec JS API detect OS firewall is enabled or not?
>
> is this out of scope of this WG?
>
> this requirement is raised by preparing real security countermeasures.

Those don't fit the current charter (which lists specific items we're 
working on) but if the W3C were to look into them they fit the subject 
matter of this working group.

I would be concerned about the privacy impacts of leaking that 
information to every site on the web. It's not clear to me what gain the 
user gets in return except on a very few sites.

-Dan Veditz
Received on Thursday, 14 February 2013 17:05:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 14 February 2013 17:05:56 GMT