Re: A somewhat lame Web Crypto PIN provisioning solution

On Tue, Apr 2, 2013 at 5:27 PM, Ryan Sleevi <sleevi@google.com> wrote:
> On Tue, Apr 2, 2013 at 2:16 PM, Jeffrey Walton <noloader@gmail.com> wrote:
>> On Tue, Apr 2, 2013 at 2:48 PM, Ryan Sleevi <sleevi@google.com> wrote:
>>> ....
>>>
>>> If an origin does not trust itself (for example, it expects to host
>>> both 'sensitive' and 'hostile' code on the same origin), then it
>>> should use the same technique that sites have been deploying for the
>>> past decade - separating security zones on the basis of origins.
>>> Google, for example, has done this quite successfully with
>>> accounts.google.com versus the rest of its domains, as have a number
>>> of other large sites. This is not limited to the Web Crypto API - this
>>> is a security approach fundamental to the web.
>> In practice, Google violates SOP from the user's perspective. From the
>> user's perspective, domain granularity (and perhaps subdomain) is what
>> one has to work with.
>
> Let's not overload the terms here.
>
> It's exactly because of SOP that you structure things like this.
>
> A discussion of what domains logically make up an organization is
> certainly interesting, but not for here.
I believe it's extremely relevant when in lieu of the problems with
phishing. You cannot view this from an organization's backend (which
might even require expert knowledge of the architecture). You must
view it from the user's perspective.

Jeff

Received on Tuesday, 2 April 2013 21:35:07 UTC