Re: [presentation-api] Security and privacy considerations

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Tue, 29 Sep 2015 12:10:13 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-144039610-1443528612-sysbot+gh@w3.org>
Good catch. We should note the probing issue in the Security and 
privacy considerations section. This was not touched upon by PING, 
likely since the spec does not mention DIAL explicitly. We could also 
consider amending the respective algorithms with a note. E.g. in 
[Monitor the list of available presentation displays][1]:

>NOTE
>The mechanism used to monitor presentation displays availability and determine the compatibility of a presentation display with a given URL is left to the user agent.

This could be amended with text that makes it clear that the given URL
may reveal information about the user's system, e.g. apps installed
to handle the specifically crafted URL. Also note the UAs may
implement measures to mitigate that and how. If this warrants changes
to the algorithm, we should look at that too.

[1]: https://w3c.github.io/presentation-api/#dfn-monitor-the-list-of-available-presentation-displays

-- 
GitHub Notif of comment by anssiko
See https://github.com/w3c/presentation-api/issues/45#issuecomment-144039610
Received on Tuesday, 29 September 2015 12:10:15 UTC