- From: Robin Berjon <robin@berjon.com>
- Date: Thu, 10 Feb 2011 12:26:54 +0100
- To: Bryan Sullivan <blsaws@gmail.com>
- Cc: public-device-apis <public-device-apis@w3.org>
Hi Bryan, On Feb 10, 2011, at 04:08 , Bryan Sullivan wrote: > On the browser-based email case I did not mean to misquote you Are you saying that you meant to misquote me on the other emails? ;-) > , I > thought you said that "The problem that we keep returning to is that > we can't find a use case justifying accessing my mailbox from inside > my browser." Okay, I see what's unclear here. When I go to GMail, I access information that I deliberately placed and decided to manage there. It's a single service managing data directly. With CommLog, managing that data is potentially exposed to anyone. If I go to evil.com and they trick me into agreeing to expose CommLog, they've got all my email — and that's quite possible because we don't have much of a decent security model for this sort of data. It gets worse. If I download a signed, reviewed, policy-defended widget that I want to use as my email client then a single, very simple programming error will essentially make all of my email available to an attacker, simply if I open an email he sends me. Why? Because in Web Apps XSS attacks are trivial. See http://berjon.com/blog/2011/02/harmful-trust.html. Not only do I think that this is a bad idea, but I think that your company, if planning to offer this sort of functionality, should think long and hard about it. Now I'm not saying that I wouldn't want to make it possible to use web technology to write email clients, in fact I'd love to have my email handled by a host of small web apps used together, each specialised in small things done well (filtering, listing folders, displaying, authoring, etc.). I have yet to see an email client that I don't profoundly dislike and that would rock. The problem is, we don't at this time have the security model to make that happen. > I would not propose things that would not "work" in browsers. It will > work, it's only a question of whether the browser vendors can (or > really, would) expand their UI/security paradigms to support the use > cases driving our interests. It certainly is about security. But that's not just a problem for the browser vendors! -- Robin Berjon - http://berjon.com/
Received on Thursday, 10 February 2011 11:27:22 UTC