- From: <bugzilla@jessica.w3.org>
- Date: Tue, 26 Aug 2014 17:19:01 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26401

--- Comment #9 from Mark Watson <watsonm@netflix.com> ---

To re-iterate what I said on the call: I see legitimate use-cases for the CDM to supply routing information along with the message. If we don't provide an explicit field for this, CDMs will just redefine their message format to be a ( routing, message ) pair.

I don't see how we could ban CDMs from basing this routing information in part on information in the initData.

The question of the security of the initData is a general one. Keysystem designs need to consider the security implications of using this information. Obviously, the security considerations for information that might influence message routing are different from those for information which might only influence message contents, since you could cause the message not to be sent to the expected place. That is, an attack on the message contents could be mitigated at the server, but an attack on the message routing cannot, because the server might never see the message.

Perhaps we need some information in the security considerations about the need to protect initData?

As far as this bug goes, we should avoid showing an example with a security hole, so perhaps the example should mention that the CDM needs to have validated the URL or even show the page validating the URL?

--
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Tuesday, 26 August 2014 17:19:02 UTC
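
The page-side URL validation that the comment above suggests, as an added example that is not part of the original message or of the EME specification. The allowlist, the default URL and all function names are assumptions made for illustration.

```javascript
// Added example: every name here is hypothetical, not taken from the spec or the bug.
// Constructed allowlist of license-server origins that the page itself trusts.
const ALLOWED_LICENSE_ORIGINS = new Set([
  "https://license.example.com",
  "https://license-backup.example.com",
]);
const DEFAULT_LICENSE_URL = "https://license.example.com/acquire";

// Returns the normalized URL if the CDM-supplied routing hint is acceptable,
// otherwise null. The hint may be derived from initData, so it is untrusted.
function validateRoutingHint(hint, allowedOrigins = ALLOWED_LICENSE_ORIGINS) {
  if (typeof hint !== "string" || hint.length === 0) return null;
  let url;
  try {
    url = new URL(hint); // absolute URLs only; a relative hint throws
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;        // no downgrade to cleartext
  if (url.username || url.password) return null;     // rejects "trusted-host@other-host" forms
  // Compare the parsed origin (scheme + host + port), never a string prefix.
  if (!allowedOrigins.has(url.origin)) return null;
  return url.href;
}

// Picks where the license request goes. A rejected hint falls back to the
// page's own default, and usedHint lets the caller log the rejection.
function chooseLicenseDestination(hint) {
  const validated = validateRoutingHint(hint);
  return validated !== null
    ? { url: validated, usedHint: true }
    : { url: DEFAULT_LICENSE_URL, usedHint: false };
}
```

Because the check runs in the page before the request is sent, it covers the routing case the comment singles out, where the server cannot help because it might never see the message.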