- From: <bugzilla@jessica.w3.org>
- Date: Tue, 15 Apr 2014 18:37:16 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25345
Ryan Sleevi <sleevi@google.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #7 from Ryan Sleevi <sleevi@google.com> ---
As Boris has explained, this does not provide any meaningful security - but
worse, gives the appearance of security.
If an attacker can inject script, they can alter the operating environment in
any number of ways - from manipulating objects (like String.prototype) to
altering code that calls getRandomValues and such.
Mitigations such as CSP provide meaningful security, and thus should be
encouraged (and, in previous discussions, were attempted to be required - but
to no effect).
The argument for protecting against 'accidental' overwriting is equally
troubling, as it suggests an author capable of implementing secure
cryptography, but not implementing secure javascript - which is a scenario that
is equally doomed to failure independent of the spec action here.
There's no question that we want to remove things that will obviously cause
harm, but at the same time, the security boundaries should be crisp, and we
should only attempt to normatively specify things that will meaningfully
improve security (eg: requiring SSL or CSP)
--
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 15 April 2014 18:37:18 UTC