- From: Mike Beltzner <beltzner@mozilla.com>
- Date: Thu, 24 May 2007 23:41:23 -0400
- To: Johnathan Nightingale <johnath@mozilla.com>
- Cc: michael.mccormick@wellsfargo.com, public-wsc-wg@w3.org
In addition to the points that Johnathan mentions below, it's already
been declared as out of scope for this workgroup to consider cases
where users have installed malicious software. Installing an
extension that either deliberately (in which case the user asked for
the change in the way the indicators were rendered) or maliciously
alters security UI seems similarly out of scope.
But really, Johnathan's reasons are all better than that one ;)
cheers,
mike
On 24-May-07, at 9:49 PM, Johnathan Nightingale wrote:
>
> Given our intimate involvement in the CABForum discussion (despite
> not having anything to do with VeriSign's plugin, really) I figured
> I'd throw in here as well, to explain why I don't think this is a
> good recommendation for our workgroup.
>
> Firefox is a web browser, but it's based on an almost infinitely
> extensible platform. This is a plus for us. But the way that
> platform works means that if someone installs an add-on software
> package, they are essentially re-writing their browser. This is no
> different than installing any other kind of software, and the
> results can be just as epic. I'll say it again, because I think
> it's important:
>
> Installing an add-on is functionally identical to installing any
> other software. It can manipulate the browser in arbitrary ways.
>
> If we write a recommendation which suggests, for instance, that
> user agents not allow add-ons to render security related
> information, we not only do a net disservice to the web (add-ons
> are a great test bed for new ideas about security, e.g. OpenID,
> anti-phishing toolbars, etc.) but we create a recommendation which
> is basically impossible to implement. What qualifies? How would we
> know?
>
> If we write a recommendation which suggests, instead, that browsers
> simply restrict add-ons' ability to alter *existing* security
> indicators ("add ons can't touch the padlock" or some other
> "robustness" measure) we oversimplify the problem. A Firefox add-
> on can replace the entire chrome wholesale, or add new indicators
> which overlay the existing ones, or any number of other things.
> And how do we prevent malware from performing DLL injection or
> other nastiness outside of the add-on framework? Browsers can't
> really police this either, much as we might like to.
>
> An add-on (and once again, I can only speak for mozilla browsers
> here) overlays its logic onto firefox, and has arbitrary control.
> It's not shipped with the browser, it's supplementary software
> voluntarily installed by the user. As far as I can tell, we
> couldn't comply with a recommendation that said otherwise.
>
> Cheers,
>
> Johnathan
>
>
> michael.mccormick@wellsfargo.com wrote:
>> As some of you know, this VeriSign announcement provoked
>> considerable debate among members of the CAB Forum.
>> Cutting out the religious feelings and political agendas that
>> clutter the debate, there does seem to be a key issue web security
>> display at stake:
>> Should web security context displays in chrome be rendered by
>> base
>> web agent software only, or is it acceptable for plug-ins to
>> render
>> it too? If plug-ins render it, what controls need to be in
>> place to
>> ensure this doesn't become a new spoofing vector for phishing
>> perpetrators?
>> If this group is willing to tackle it, I believe this issue is
>> probably in scope of the WSC charter.
>> Mike
>> ---------------------------------------------------------------------
>> ---
>> *From:* public-wsc-wg-request@w3.org [mailto:public-wsc-wg-
>> request@w3.org] *On Behalf Of *McCormick, Mike
>> *Sent:* Wednesday, May 23, 2007 3:22 PM
>> *To:* dan.schutzer@fstc.org; sam.phillips@bankofamerica.com;
>> versace@comcast.net; Chuck@Interisle.net;
>> todd.inskeep@bankofamerica.com; Bob.Pinheiro@fstc.org;
>> Dan.Houser@huntington.com; Tiggas, Mark;
>> matt.barrington@wachovia.com; Pelton, Douglas S.;
>> smb@cs.columbia.edu; solod@citigroup.com; Palmer, Pete;
>> chris.nautiyal@fstc.org; tom.keane@wachovia.com;
>> john.fricke@fstc.org; Lyman@Interisle.net;
>> richard.a.parry@jpmchase.com; Stan.Szwalbenest@chase.com
>> *Cc:* public-wsc-wg@w3.org
>> *Subject:* FW: VeriSign offers IE7-style EV-SSL "green bar" to
>> Firefox users
>> *Importance:* Low
>> http://www.pcmag.com/article2/0,1895,2134557,00.asp
>
> --
> --
> Johnathan Nightingale
> Human Shield
> johnath@mozilla.com
>
>
Received on Friday, 25 May 2007 03:41:43 UTC