On Fri, Sep 25, 2015 at 9:14 PM, Jeffrey Yasskin <jyasskin@google.com> wrote: > > Yeah, *browsers* should trust the origin information they find in a Web > NFC message. I do think the spec should warn *website authors* that the > information may have come from a malicious or pwned tag/peer, rather than > their own manufacturer, and that the website should check the data before > trusting it. > Yes, that could be done: "if data integrity is important for you, implement it, we're just a transport". However, it worries me that we still intend to base UA policies on fragile information. Anyway that cannot be done by web pages, so one could call the risk out of scope for the Web NFC API (with a note). > > Remember that we're trying to prevent web pages from writing to tags that > don't already advertise an origin matching the page's origin. So pages can > only attack "their own" devices. > > If the browser can restrict writes to own-origin tags, then pages can't > rewrite a tag with different origin information. > And how the browser would write the tag the first time? Do we require that 1. we only write an empty or "same-origin" tag? Or could a page 2. write a "cross-origin" or "no-origin" tag against a user prompt (powerful feature)? Thanks, Zoltan
Received on Friday, 25 September 2015 18:35:34 UTC