[whatwg] "secure" attribute in Storage section of WA spec

On 26/06/06, Ian Hickson <ian at hixie.ch> wrote:
> On Mon, 26 Jun 2006, Gervase Markham wrote:
> > >
> > > interface StorageItem {
> > >            attribute boolean secure;
> > >            attribute DOMString value;
> > > };
> >
> > I would like to suggest that the "secure" attribute be an integer rather
> > than a boolean, initially with 0 meaning insecure, and 1 meaning secure.
> >
> > So, for example, you could have StorageItems which were only returned if
> > the page on the site was secured with a new EV cert, and was not
> > accessible to pages which had an ordinary cert or no cert.
>
> Is it ever possible to get an "ordinary cert" which claims to identify
> some domain, but which was not purchased by the owners of that domain?

Depends on your definition of "ordinary" - what about self-signed
certificates, or certificate chains that do not resolve to a known
root certificate? A very security conscious application author might
want to be able to limit access to stored data only to certificates
that are 100% kosher, so that even if the UA warns the user about a
certificate problem and the user accepts it, stored information isn't
made available.

> The
> only reason for the "secure" attribute is to avoid DNS spoofing; the flag
> has two values -- allow DNS to be spoofed and return the item whether or
> not the site was spoofed, and only return the item if the site's
> certificate matched the domain name of the site.

In that case perhaps a bit more prose listing a few other scenarios
UAs should limit access to stored info would do, such as ?


-- 
Hallvord R. M. Steen

Received on Wednesday, 28 June 2006 15:50:49 UTC
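The gating behaviour under discussion, as an added example that is not part of the thread or of the Web Applications spec draft: a toy storage area whose items carry an integer "secure" level (Gervase's suggestion), and a UA-side check that only returns an item when the page's connection meets that level. The meaning of level 2 (EV), the shape of the connection-context object, and the sample keys and values are all assumptions made for this example; the rule that a certificate the user clicked through a warning to accept counts as level 0 is Hallvord's point about self-signed and unknown-root chains.

```javascript
// Added example, not code from the thread or the spec.
// Integer "secure" levels for stored items. Levels 0 and 1 follow the
// proposal in the thread; level 2 (EV) is an assumed extension.
const SecureLevel = Object.freeze({
  ANY: 0,        // returned however the page was loaded (no DNS-spoofing guard)
  VALID_CERT: 1, // only when the cert chains to a known root and matches the host
  EV_CERT: 2,    // only when the cert is additionally an EV certificate (assumed)
});

// Effective level of the page's connection. The context fields are an
// assumed shape for this example: scheme, chainToKnownRoot, hostMatchesCert,
// userOverrodeWarning, extendedValidation. Any certificate problem the user
// accepted through a UA warning collapses to level 0, so "secure" items stay
// hidden even though the page itself loaded.
function connectionLevel(ctx) {
  if (ctx.scheme !== 'https') return SecureLevel.ANY;
  if (!ctx.chainToKnownRoot || !ctx.hostMatchesCert || ctx.userOverrodeWarning) {
    return SecureLevel.ANY;
  }
  return ctx.extendedValidation ? SecureLevel.EV_CERT : SecureLevel.VALID_CERT;
}

class SecureStorage {
  constructor() {
    this.items = new Map(); // key -> { secure, value }
  }

  setItem(key, value, secure = SecureLevel.ANY) {
    this.items.set(key, { secure, value });
  }

  // An item is visible only if its required level is at or below the
  // level the current page actually achieved.
  getItem(key, ctx) {
    const item = this.items.get(key);
    if (!item) return null;
    return item.secure <= connectionLevel(ctx) ? item.value : null;
  }

  // Sorted list of keys the page may read under the given context.
  visibleKeys(ctx) {
    const level = connectionLevel(ctx);
    return [...this.items.entries()]
      .filter(([, item]) => item.secure <= level)
      .map(([key]) => key)
      .sort();
  }
}

// Walk the four scenarios raised in the thread with constructed data and
// return which keys each kind of page would be allowed to read.
function runDemo() {
  const store = new SecureStorage();
  store.setItem('theme', 'dark', SecureLevel.ANY);                   // constructed
  store.setItem('session', 'sess-constructed', SecureLevel.VALID_CERT); // constructed
  store.setItem('payment-token', 'tok-constructed', SecureLevel.EV_CERT); // constructed

  const contexts = { // constructed page contexts
    plainHttp: { scheme: 'http' },
    validCert: { scheme: 'https', chainToKnownRoot: true, hostMatchesCert: true,
                 userOverrodeWarning: false, extendedValidation: false },
    selfSignedAccepted: { scheme: 'https', chainToKnownRoot: false, hostMatchesCert: true,
                          userOverrodeWarning: true, extendedValidation: false },
    evCert: { scheme: 'https', chainToKnownRoot: true, hostMatchesCert: true,
              userOverrodeWarning: false, extendedValidation: true },
  };

  const result = {};
  for (const [name, ctx] of Object.entries(contexts)) {
    result[name] = store.visibleKeys(ctx);
  }
  return result;
}

console.log(runDemo());
```

The ordering of levels is what makes an integer more expressive than a boolean here: a page that only achieved level 1 still sees level-0 and level-1 items, while the self-signed case shows why a UA must treat a user-accepted warning as no better than plain HTTP for storage purposes.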