Fwd: Intent to deprecate: Insecure usage of powerful features from Christine Runnegar on 2015-02-27 (public-privacy@w3.org from January to March 2015)

From: Christine Runnegar <runnegar@isoc.org>
Date: Fri, 27 Feb 2015 07:05:11 +0000
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <1021B153-B4E2-454B-A31A-F26E62CEA830@isoc.org>

Hi all.

Giri from the Geolocation WG requested that we post this message on the PING list to ask whether other browsers vendors have similar plans.

Details below.

Begin forwarded message:

Resent-From: <public-geolocation@w3.org<mailto:public-geolocation@w3.org>>
From: Joel Weinberger <jww@chromium.org<mailto:jww@chromium.org>>
Subject: Intent to deprecate: Insecure usage of powerful features
Date: 27 February 2015 12:25:43 am GMT+1
To: blink-dev <blink-dev@chromium.org<mailto:blink-dev@chromium.org>>

Please note that the main discussion for this is intended to be on the blink-dev@chromium.org<mailto:blink-dev@chromium.org> mailing list (https://groups.google.com/a/chromium.org/forum/#!forum/blink-dev). However, to alert relevant groups of the intent, we have bcc’d the following lists on this email:
security-dev@chromium.org<mailto:security-dev@chromium.org>
dev-security@lists.mozilla.org<mailto:dev-security@lists.mozilla.org>
public-webappsec@w3.org<mailto:public-webappsec@w3.org>
public-web-notification@w3.org<mailto:public-web-notification@w3.org>
public-device-apis@w3.org<mailto:public-device-apis@w3.org>
public-geolocation@w3.org<mailto:public-geolocation@w3.org>
public-html-media@w3.org<mailto:public-html-media@w3.org> We want to start applying the concepts in https://w3c.github.io/webappsec/specs/powerfulfeatures/ to features that have already shipped and which do not meet the (new, not present at the time) requirements. We want to start by requiring secure origins for these existing features: - Device motion / orientation - EME - Fullscreen - Geolocation - getUserMedia As with gradually marking HTTP as non-secure (https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure), we expect to gradually migrate these features to secure-only, based on thresholds of usage, starting with lowest usage and moving towards higher. We also expect to gradually indicate in the UX that the features are deprecated for non-secure origins. The deprecation strategy for each of these features is not decided on and may very well differ from feature to feature. We don’t currently know what the thresholds will be, or how heavily used the features are on what kinds of origins. We are in the process of gathering data, and will report back when we have it. There are no firm plans at all at this time, other than eventual deprecation. We intend for this to stimulate a public discussion of the best way to approach this deprecation. So, to that point, we'd love to hear what the community thinks.

Thanks,
Joel Weinberger, Chrome Security

Received on Friday, 27 February 2015 07:05:50 UTC