- From: Kornel Lesiński <kornel@geekhood.net>
- Date: Sun, 26 Feb 2012 03:59:33 -0000
- To: "Charles Pritchard" <chuck@jumis.com>
- Cc: "public-html@w3.org" <public-html@w3.org>
On Sun, 26 Feb 2012 01:34:43 -0000, Charles Pritchard <chuck@jumis.com> wrote: > It is the scripting environment and related sandbox that is treated as > an adversary. The scripting environment on a page is controlled by: publisher (page source), user (bookmarklets, extensions), browser vendor and possibly others via page's vulnerabilities (XSS). Are all of them considered adversaries then? Can you clarify what do you mean by "related sandbox"? > The user may have a separate security system in place, in hardware, on > the OS or otherwise separate. How does this security system establish chain of trust? Where does the chain end (Content Decryption Module, browser, OS, display)? > That said, sure, it is obvious that the intentions of many parties here > are not cleanly nor clearly related to user privacy. Sorry, I don't understand how this relates to whether user is an adversary for the scheme or not. -- regards, Kornel Lesiński
Received on Sunday, 26 February 2012 04:00:25 UTC