W3C home > Mailing lists > Public > public-geolocation@w3.org > November 2014

Re: Requiring Authenticated Origins for Geolocation API's: Open Call for Comments (deadline - February 1, 2015)

From: Mounir Lamouri <mounir@lamouri.fr>
Date: Fri, 07 Nov 2014 08:21:41 +1100
Message-Id: <1415308901.74182.187995821.575E047B@webmail.messagingengine.com>
To: public-geolocation@w3.org
Cc: mkwst@google.com
On Thu, 6 Nov 2014, at 05:10, Martin Thomson wrote:
> An authenticated origin is not sufficient to prevent situations where
> users release information.  For an authenticated origin to provide
> meaningful protection, users not only need to verify that the site is
> authenticated (for which there is ample evidence that they do not),
> they also need to ensure that it is the site that they intend to send
> this information to.  That's much, much harder.
> Requiring an authenticated origin is not a particularly high hurdle
> for a motivated attacker to clear.  In fact, it's trivial to redirect
> to an authenticated origin from an authenticated one.  Once there, the
> entire toolbox of phishing tricks (confusable characters, long names,
> etc...) are available to help make the URL look credible.

I'm confused, what's the difference between a secure origin and an
authenticated origin? I would assume that a secure origin had a valid
certificate that was certified by a trusted source. Is it that easy to
get such certificate?

Also, an issue with using the geolocation api over insecure origins (and
especially http) is that you might end up passing in clear trough the
wire some personal and identifiable information, which obviously, isn't
a great idea.

> The cost of the proposed change is that this will actually break sites
> that currently use the API.  From the large (maps.bing.com) to the
> small (www.wtfsigte.com).

Chromium added some metrics recently to check whether there is a
significant usage on non-secure origins. I think it's too early to share
data but I'm pretty sure, we will be able to do so soon. The plan is to
iterate from there. If we the usage is low enough, we will try to
deprecate the API on non-secure origins.

-- Mounir
Received on Thursday, 6 November 2014 21:22:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:51:10 UTC