- From: Steve Kann <stevek@stevek.com>
- Date: Tue, 26 Nov 2013 19:48:05 -0500
- To: Justin Uberti <juberti@google.com>
- Cc: cowwoc <cowwoc@bbs.darktech.org>, Martin Thomson <martin.thomson@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
- Message-Id: <795CE616-549B-495D-A33A-C4960199C13C@stevek.com>
Justin, As one of those who was not in favor if this approach, I agree about the need for safety. I do think, however, that we would be better off if we could find a way to implement the same kinds of safety mechanisms without requiring non-standard approaches. This approach would require developers to build, register, and maintain apps for Chrome, Safari, IE, Firefox, as well as separate developer credentials, etc. Then if there is a bad actor, all of those agencies would need to deal with it separately... And this ends up shutting out upstarts as well. A new vendor coming to market with a browser would not be able to support this kind if functionality, because the app writers would not write apps for them. A chicken and egg problem. -Sent from an iOS mobile device > On Nov 26, 2013, at 7:35 PM, Justin Uberti <juberti@google.com> wrote: > > The fundamental thing about an app install is that it is a metaphor that is fairly well understood. If you install, say, Skype, you are by that action granting it permission to Do Things On Your Behalf, things that could not be done prior to said install. > > The screensharing app/extension install is similar, only with the additional benefits of a) the app is still forced to ask the user which window to share and b) a mechanism for revocation, both of which allow detection and punishment of bad actors. > > I agree completely with Martin that safe-by-design needs to be our goal. For right now, I think the approach mentioned above provides the right balance of functionality and safety, at least until we understand more about how this API will be used. For those arguing for weaker security: given that users routinely turn over their credentials to phishers, how confident are you that all users would click "Cancel" when confronted with some random web page that pops up a screenshare chooser? > > >> On Tue, Nov 26, 2013 at 3:57 PM, cowwoc <cowwoc@bbs.darktech.org> wrote: >>> On 26/11/2013 6:52 PM, Martin Thomson wrote: >>>> On 26 November 2013 15:46, cowwoc <cowwoc@bbs.darktech.org> wrote: >>>> If the default is "don't share" (similar to CORS) then I don't think this >>>> approach scales. >>> If the choice here is between "some sites don't work" and "user's get >>> screwed and don't understand why", I think that I know where I stand. >>> >>> There is a possibility that the default for the top-level frame can be >>> made permissive. That's something that might need some extra thought. >>> I don't think that you can say that iframes are ever safe to allow. >> >> I'm in favor of that approach (top-level frame is permissive and nested iframes are not). >> >> Gili >
Received on Wednesday, 27 November 2013 07:09:05 UTC