Re: subresource integrity (was Re: PING call)

Thank you Kepeng and Nick,

I agree that considerations concerning cross-origin data leakage should be described as both privacy and security considerations.

Also, in my view, the text under 5.1 and 5.2 also pertains to privacy, so the simplest solution would be to suggest the section be renamed “Privacy and Security Considerations” or “Security and Privacy Considerations”.

Kepeng, as to your suggestion, rather than “reveal user privacy”, perhaps “This might impact a user’s privacy, for example, by revealing whether or not a user is logged into a particular service”.

All, are there any text suggestions as to how to highlight the privacy-related aspects of 5.1 and 5.2? Similarly, are there any other issues that should be called out in this section?

Christine

> On 19 May 2015, at 6:10 am, Kepeng Li <kepeng.lkp@alibaba-inc.com> wrote:
> 
> >For example, cross-origin data leakage is one of the considerations there.
> 
> OK, I got it. If there is data leakage, it will also cause privacy issues. 
> 
> Maybe we can change the sentence a little bit to reflect this:
> 
> 5.3 Cross-origin data leakage
> 
> Attackers can determine whether some cross-origin resource has certain content by attempting to load it with a known digest, and watching for load failures. If the load fails, the attacker can surmise that the resource didn’t match the hash, and thereby gain some insight into its contents. This might reveal user privacy, for example, whether or not a user is logged into a particular service.
> 
> Thanks,
> 
> Kind Regards
> 
> Kepeng Li
> Alibaba Group
> 
> From: Nicholas Doty <npdoty@ischool.berkeley.edu>
> Date: Tuesday, 19 May, 2015 9:40 am
> To: Li Kepeng <kepeng.lkp@alibaba-inc.com>
> Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
> Subject: subresource integrity (was Re: PING call)
> 
> On May 18, 2015, at 5:20 AM, Kepeng Li <kepeng.lkp@alibaba-inc.com> wrote:
>> 
>>> 2. Privacy review request from Web Applications Security WG concerning
>>> Subresource Integrity [1]
>> 
>> It seems that there are no privacy considerations in this document.
>> 
>> Should we add something?
> 
> There is a Security Considerations section that is likely relevant to the things we typically review:
> 
> http://w3c.github.io/webappsec/specs/subresourceintegrity/#security-considerations-1
>
> For example, cross-origin data leakage is one of the considerations there. I wonder if authors should typically write these as "Security and Privacy Considerations" since they so often overlap.
> 
> npd

Received on Tuesday, 19 May 2015 06:24:43 UTC