
Re: [web-bluetooth] Feature Request: Enhance Security by Sending Domain as Meta-data (#435)

From: Reilly Grant via GitHub <sysbot+gh@w3.org>
Date: Thu, 18 Apr 2019 16:03:50 +0000
To: public-web-bluetooth-log@w3.org
Message-ID: <issue_comment.created-484574302-1555603428-sysbot+gh@w3.org>
@jyasskin what about defining a GATT Characteristic in the Web Bluetooth specification to which the user agent should attempt to write the origin of the script calling BluetoothRemoteGATTServer.connect()? This characteristic would be on the block list so that script cannot write its own value.

The problems with this are:

1. It doesn't prevent native applications from accessing the characteristic and writing any value they like, so this is not a completely trustworthy signal.
2. As with the discussion about a similar origin-locking feature for WebUSB, this allows for vendor lock-in as the device could refuse to communicate with any origin other than the manufacturer's.

GitHub Notification of comment by reillyeon
Please view or discuss this issue at https://github.com/WebBluetoothCG/web-bluetooth/issues/435#issuecomment-484574302 using your GitHub account
Received on Thursday, 18 April 2019 16:03:52 UTC
