Re: Agenda for Privacy CG call on 2023-01-12

Hello,

Looking at the minutes of the meeting I see a similar use case of iFrame
facing a "similar best practice translation" problem of the core issue of
sandboxing and access of data, cookies. I wish you could help me loop in
the W3C WebApp security Group for the benefit in large.

I had a small feature request:
Sandboxing access and CSRF, XSS, Script Inject attacks/ based Background
data send blocking.

"I wanted to propose sharing of work on features and IP Process of Security
Sandboxing (Feature/Domains) for the browsers. The focus is to create hard
sandboxing of browsers to target XSS, CSRF, Cross Domain
Shared/non-shared Cookie Access Blocking from third party domains.
Possibly, Script Injection (URLs, plus ...) as well." The knowledge
database for blocking CSP, XSS, CSRF, CS-Cookies, Script Injection in URLs,
Images, etc are already available and sandboxing along with sanity checks
using a strict mode option in these sections may be a great fit for browser
feature and W3C standard both? Domain hard sandboxing is one of the many
target points I may also wish to explore considering so many cross domain
cookie thefts and forgeries; apart from the fact that MIM attacks are yet
one breach point that may need to be addressed separately.

I wish the team shared their views. I wish I could share some/many I have
faced.

Regards,
Ganesh B



On Fri, Jan 20, 2023 at 5:36 AM Martin Thomson <mt@mozilla.com> wrote:

> I just merged https://github.com/privacycg/meetings/pull/26, so:
> https://github.com/privacycg/meetings/blob/main/2023/telcons/01-13-minutes.md
>
> On Thu, Jan 19, 2023 at 7:52 PM Krishnamurthy Ganesh B <
> ganeshsurfs@gmail.com> wrote:
>
>> Hello,
>>
>> Are there minutes of the meeting or recording for this meet?
>>
>> Regards,
>> Ganesh B
>> +919986052445
>>
>> On Wed, Jan 11, 2023 at 5:17 AM Martin Thomson <mt@mozilla.com> wrote:
>>
>>> Hey all,
>>>
>>> We have a Privacy CG call scheduled for January 12 in the APAC-friendly
>>> time slot (7pm US Eastern).  An agenda is posted at
>>> https://github.com/privacycg/meetings/blob/main/2023/telcons/01-13-agenda.md
>>>
>>> We currently have just one item on our agenda. If you have something you
>>> wish to discuss, let me know.
>>>
>>> Cheers,
>>> Martin
>>>
>>
>>
>> --
>> Regards,
>> K. Ganesh Bhat, Masters (Life Sciences)
>> ganeshsurfs@gmail.com,
>>
>

-- 
Regards,
K. Ganesh Bhat, Masters (Life Sciences)
ganeshsurfs@gmail.com,

Received on Friday, 20 January 2023 12:37:30 UTC