W3C home > Mailing lists > Public > public-web-bluetooth-log@w3.org > August 2016

Re: [web-bluetooth] What is a secure Device Firmware Update Service?

From: Rob Moran via GitHub <sysbot+gh@w3.org>
Date: Wed, 03 Aug 2016 19:24:27 +0000
To: public-web-bluetooth-log@w3.org
Message-ID: <issue_comment.created-237344034-1470252266-sysbot+gh@w3.org>
Blacklisting known services/characteristics could lead to implementors
 bypassing the blacklisted IDs by simply using vendor-defined 
services/characteristics.
This potentially leads to fragmenting the well-known service lists, 
making it less manageable and maybe less secure.

I agree with @gfwilliams, a warning dialog or similar (with relevant 
`here be dragons` and `implementor takes no responsibility` caveats) 
seems to be a better approach which warns the user and doesn't get in 
the way of implementing awesome stuff with Web Bluetooth.

Could a model similar to the android app store be implemented?

e.g.

`This web page would like to access the following services on your 
device:`

* Heart Rate
* DFU (Warning, this could break you)

Cancel | Allow |
--- | ---

-- 
GitHub Notification of comment by thegecko
Please view or discuss this issue at 
https://github.com/WebBluetoothCG/web-bluetooth/issues/258#issuecomment-237344034
 using your GitHub account
Received on Wednesday, 3 August 2016 19:24:34 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 3 August 2016 19:24:34 UTC