Re: subresource integrity (was Re: PING call)

Thank you Christine.

> Kepeng, as to your suggestion, rather than “reveal user privacy”,
>perhaps “This might impact a user’s privacy, for example, by revealing
>whether or not a user is logged into a particular service”.


Yes, that is better.

> All, are there any text suggestions as to how to highlight the
>privacy-related aspects of 5.1 and 5.2?

About Section 5.1, it seems that the sentence below has some grammar
issues. Maybe somebody can take a look.

Integrity metadata delivered to a context that is not a secure context,
such as an only protects an origin against a compromise of the server
where an external resources is hosted.


About Section 5.2, we can say, this can avoid revealing user’s privacy
information by hash collision attacks.

Kind Regards


Kepeng Li
Alibaba Group


On 19/5/15 2:24 pm, "Christine Runnegar" <runnegar@isoc.org> wrote:

>Thank you Kepeng and Nick,
>
>I agree that considerations concerning cross-origin data leakage should
>be described as both privacy and security considerations.
>
>Also, in my view, the text under 5.1 and 5.2 also pertains to privacy, so
>the simplest solution would be to suggest the section be renamed “Privacy
>and Security Considerations” or “Security and Privacy Considerations”.
>
>Kepeng, as to your suggestion, rather than “reveal user privacy”, perhaps
>“This might impact a user’s privacy, for example, by revealing whether or
>not a user is logged into a particular service”.
>
>All, are there any text suggestions as to how to highlight the
>privacy-related aspects of 5.1 and 5.2? Similarly, are there any other
>issues that should be called out in this section?
>
>Christine
>
>> On 19 May 2015, at 6:10 am, Kepeng Li <kepeng.lkp@alibaba-inc.com>
>>wrote:
>> 
>> >For example, cross-origin data leakage is one of the considerations
>>there.
>> 
>> OK, I got it. If there is data leakage, it will also cause privacy
>>issues. 
>> 
>> Maybe we can change the sentence a little bit to reflect this:
>> 
>> 5.3 Cross-origin data leakage
>> 
>> Attackers can determine whether some cross-origin resource has certain
>>content by attempting to load it with a known digest, and watching for
>>load failures. If the load fails, the attacker can surmise that the
>>resource didn’t match the hash, and thereby gain some insight into its
>>contents. This might reveal user privacy, for example, whether or not a
>>user is logged into a particular service.
>> 
>> Thanks,
>> 
>> Kind Regards
>> 
>> Kepeng Li
>> Alibaba Group
>> 
>> From: Nicholas Doty <npdoty@ischool.berkeley.edu>
>> Date: Tuesday, 19 May, 2015 9:40 am
>> To: Li Kepeng <kepeng.lkp@alibaba-inc.com>
>> Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
>> Subject: subresource integrity (was Re: PING call)
>> 
>> On May 18, 2015, at 5:20 AM, Kepeng Li <kepeng.lkp@alibaba-inc.com>
>>wrote:
>>> 
>>>> 2. Privacy review request from Web Applications Security WG concerning
>>>> Subresource Integrity [1]
>>> 
>>> It seems that there are no privacy considerations in this document.
>>> 
>>> Should we add something?
>> 
>> There is a Security Considerations section that is likely relevant to
>>the things we typically review:
>> 
>> 
>>http://w3c.github.io/webappsec/specs/subresourceintegrity/#security-considerations-1
>> 
>> For example, cross-origin data leakage is one of the considerations
>>there. I wonder if authors should typically write these as "Security and
>>Privacy Considerations" since they so often overlap.
>> 
>> npd
>

Received on Tuesday, 19 May 2015 11:04:12 UTC