Re: Requiring Authenticated Origins for Geolocation API's: Open Call for Comments (deadline - February 1, 2015)

On Thu, 6 Nov 2014, at 05:10, Martin Thomson wrote:
> An authenticated origin is not sufficient to prevent situations where
> users release information.  For an authenticated origin to provide
> meaningful protection, users not only need to verify that the site is
> authenticated (for which there is ample evidence that they do not),
> they also need to ensure that it is the site that they intend to send
> this information to.  That's much, much harder.
> 
> Requiring an authenticated origin is not a particularly high hurdle
> for a motivated attacker to clear.  In fact, it's trivial to redirect
> to an authenticated origin from an authenticated one.  Once there, the
> entire toolbox of phishing tricks (confusable characters, long names,
> etc...) is available to help make the URL look credible.

I'm confused, what's the difference between a secure origin and an
authenticated origin? I would assume that a secure origin had a valid
certificate that was certified by a trusted source. Is it that easy to
get such a certificate?

Also, an issue with using the Geolocation API over insecure origins (and
especially HTTP) is that you might end up passing in the clear through the
wire some personal and identifiable information, which obviously isn't
a great idea.

> The cost of the proposed change is that this will actually break sites
> that currently use the API.  From the large (maps.bing.com) to the
> small (www.wtfsigte.com).

Chromium added some metrics recently to check whether there is
significant usage on non-secure origins. I think it's too early to share
data, but I'm pretty sure we will be able to do so soon. The plan is to
iterate from there. If the usage is low enough, we will try to
deprecate the API on non-secure origins.

-- Mounir
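The "in the clear over HTTP" point above, as an added example that is not part of the original thread or of any browser's implementation: a small classifier that decides whether an origin is secure, following my reading of the W3C Secure Contexts rules (https: and wss: count as secure; http: only when the host is loopback, since that traffic never leaves the machine; file: pages count as secure), and a wrapper that refuses to call the Geolocation API at all unless the page is on a secure origin, so coordinates are never handed to a page that would send them unencrypted. The function names, the loopback rules and the sample origins are assumptions made for this example; the geolocation object is injected so the code runs under Node without a browser.

```javascript
// Added example, not from the original mailing-list post.
// Assumed rules (my reading of the W3C Secure Contexts draft):
//   https: and wss:            -> secure (TLS on the wire)
//   http: / ws: on loopback    -> secure (localhost, 127.0.0.0/8, [::1])
//   file:                      -> secure
//   anything else              -> insecure
// Function names and sample data below are assumptions for this example.

function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase();
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (h === "[::1]" || h === "::1") return true;
  // 127.0.0.0/8: the whole first octet is loopback, not only 127.0.0.1
  const m = /^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (m) return m.slice(1).every((octet) => Number(octet) <= 255);
  return false;
}

// Returns true when the origin is "potentially trustworthy" under the
// rules above. Unparseable input is treated as insecure (fail closed).
function isSecureOrigin(originString) {
  let url;
  try {
    url = new URL(originString);
  } catch (e) {
    return false;
  }
  const scheme = url.protocol; // WHATWG URL keeps the trailing colon
  if (scheme === "https:" || scheme === "wss:" || scheme === "file:") {
    return true;
  }
  if (scheme === "http:" || scheme === "ws:") {
    return isLoopbackHost(url.hostname);
  }
  return false;
}

// Gate around navigator.geolocation: on an insecure origin the request is
// refused before any position is ever produced. Returns true if the
// underlying API was called, false if the request was refused.
// In a browser, call it as
//   requestPositionIfSecure(location.href, navigator.geolocation, ok, fail)
// (location.href rather than location.origin, because file: pages report
// the origin string "null", which would not parse).
function requestPositionIfSecure(originString, geolocation, onSuccess, onError) {
  if (!isSecureOrigin(originString)) {
    onError(new Error("geolocation refused: " + originString + " is not a secure origin"));
    return false;
  }
  geolocation.getCurrentPosition(onSuccess, onError);
  return true;
}

// Constructed stand-in for navigator.geolocation so the gate can be
// exercised offline; the coordinates are made up.
const fakeGeolocation = {
  getCurrentPosition(onSuccess) {
    onSuccess({ coords: { latitude: 48.8566, longitude: 2.3522 } });
  },
};

// Constructed sample origins, including the two sites named in the thread.
const sampleOrigins = [
  "https://maps.bing.com/",
  "http://www.wtfsigte.com/",
  "http://localhost:8000/app",
  "http://127.0.0.1/",
  "http://[::1]:3000/",
  "wss://example.com/socket",
  "ws://example.com/socket",
  "file:///home/user/page.html",
  "not a url",
];

for (const origin of sampleOrigins) {
  requestPositionIfSecure(
    origin,
    fakeGeolocation,
    (pos) => console.log(origin, "-> position released", pos.coords),
    (err) => console.log(origin, "->", err.message)
  );
}
```

The gate is only a client-side policy: a page that has already obtained coordinates on a secure origin can still post them anywhere, which is the "intended site" problem raised earlier in the thread. What the check does guarantee is that the coordinates themselves are never produced for a page whose own transport would carry them unencrypted.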

Received on Thursday, 6 November 2014 21:22:06 UTC