- From: Brandon Sterne <bsterne@mozilla.com>
- Date: Tue, 25 Jan 2011 15:19:33 -0800
- To: Adam Barth <w3c@adambarth.com>
- CC: Gervase Markham <gerv@mozilla.org>, Lucas Adamski <lucas@mozilla.com>, public-web-security@w3.org
On 01/25/2011 02:32 PM, Adam Barth wrote:
>> Others have expressed interest in the existing CSP features within this
>> discussion. If people find the features useful now then why would take
>> a wait-and-see approach to building them in to the model?
>
> Because I'd like to wait-and-see whether they're right. :)
>
> Less glibly, I think that CSP has a bunch of ideas bundled together.
> I think some of those ideas are great (like limiting where you get
> scripts from), but I think that others aren't as great (e.g., limiting
> where you can XHR or the clickjacking mitigation). I'd like to
> implement the great ideas now and pave the way for implementing more
> great ideas in the future.

I do think we're getting somewhere, for what it's worth :-)

I agree with you that some of CSP's features are obvious wins. Some of the features are less obvious in terms of immediate benefits provided (more on that below). I think we disagree on which features are obvious wins. I would place content restrictions in the category of obvious win.

We have heard people say that CSP "would be a lot less useful if it didn't include those capabilities". This is not a matter of waiting-and-seeing if they are "right". These features fit in to their current use cases.

If you have concrete reasons why specific features should be abandoned or deferred until later, now is the time to bring them up. Otherwise, CSP offers a solution to a real set of problems. There may be ways to improve the solutions and we should adopt those if we can discover them. If not, then CSP surely must be better than no solution.

I've argued that we should provide more levers because we may be faced with future threats that can be mitigated by pulling some combination of the levers. Admittedly, this is a difficult position to defend as there are no clear and present dangers that all of the proposed levers map to.

It would be productive, I think, to debate the merits of the individual features rather than saying "script loading is the only useful part; the rest should be dismissed". We already have evidence to the contrary.

I love that this debate finally seems to have some traction. Let's keep it moving forward!

Regards,
Brandon
Received on Tuesday, 25 January 2011 23:21:58 UTC