
[whatwg] "secure" attribute in Storage section of WA spec

From: Hallvord R M Steen <hallvors@gmail.com>
Date: Thu, 29 Jun 2006 00:50:49 +0200
Message-ID: <dd4c8a40606281550w2d91bc87m82dcde32e4a8bcf9@mail.gmail.com>

On 26/06/06, Ian Hickson <ian at hixie.ch> wrote:
> On Mon, 26 Jun 2006, Gervase Markham wrote:
> > >
> > > interface StorageItem {
> > >            attribute boolean secure;
> > >            attribute DOMString value;
> > > };
> >
> > I would like to suggest that the "secure" attribute be an integer rather
> > than a boolean, initially with 0 meaning insecure, and 1 meaning secure.
> >
> > So, for example, you could have StorageItems which were only returned if
> > the page on the site was secured with a new EV cert, and was not
> > accessible to pages which had an ordinary cert or no cert.
>
> Is it ever possible to get an "ordinary cert" which claims to identify
> some domain, but which was not purchased by the owners of that domain?

Depends on your definition of "ordinary" - what about self-signed
certificates, or certificate chains that do not resolve to a known
root certificate? A very security conscious application author might
want to be able to limit access to stored data only to certificates
that are 100% kosher, so that even if the UA warns the user about a
certificate problem and the user accepts it, stored information isn't
made available.

> The
> only reason for the "secure" attribute is to avoid DNS spoofing; the flag
> has two values -- allow DNS to be spoofed and return the item whether or
> not the site was spoofed, and only return the item if the site's
> certificate matched the domain name of the site.

In that case perhaps a bit more prose listing a few other scenarios
UAs should limit access to stored info would do, such as ?


-- 
Hallvord R. M. Steen
Received on Wednesday, 28 June 2006 15:50:49 UTC
