W3C home > Mailing lists > Public > public-hb-secure-services@w3.org > November 2016

Re: Mozilla introduced a native app interface (and some more)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 9 Nov 2016 15:01:43 +0100
To: Rigo Wenning <rigo@w3.org>, public-hb-secure-services@w3.org
Cc: Martin Paljak <martin@martinpaljak.net>
Message-ID: <9e120d10-c9ec-7b66-9315-e887423cd948@gmail.com>
On 2016-11-09 10:28, Rigo Wenning wrote:
> On Wednesday, 9 November 2016 07:37:35 CET Martin Paljak wrote:
>> As FF introduced working native messaging support and Edge is coming out
>> with the same in January, the problem is "solved" for desktop browsers.
>> Efforts should be made to come up with a domain specific interface on top
>> of this, so that we could reduce fragmentation, at least what concerns
>> PKI-rooted applications.
>
> "Solved" looks different to me. I consider it "hackable" by sniffing all around
> and sending the right native code to the linux/apple/windows box.


Rigo,

Native Messaging doesn't work this way; it simply opens a "channel" between
a native application and a Web application.

Yes, Google's take on this matter (which the other vendors are slowly trying to
catch-up with), do have serious security limitations[1] but since the self-proclaimed
experts in TAG and WebAppSec have "decided" that Native Messaging is not interesting
(which their more product-oriented colleges obviously does not agree with), there's
not much we can do, at least not the W3C.

I guess the core idea, "democratizing" Web/browser development isn't politically correct.
OTOH, with yesterday's election in mind, maybe this quality is somewhat overrated? :-)


> But the web is much larger than those three OS.

Yes, put together, Android and iOS have a 98% market share on the mobile Web.

Regarding Flyweb, I believe I was wrong (it actually happens...).  It is only
intended for devices on the local network which probably doesn't map particularly
well to Hardware Security services as such.

Anders

1] https://lists.w3.org/Archives/Public/public-webappsec/2015Oct/0071.html


>>
>> The gray area is still mobile platforms...
>
> There, I predict a development that will just use the usual android/ios only
> thing that will force everybody into the eco-system with additional
> governmental power.
>
>  --Rigo
>
Received on Wednesday, 9 November 2016 14:02:22 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 9 November 2016 14:02:22 UTC