Re: [W3C security] Proposal: Prefer secure origins for powerful new web platform features

On Sun, June 29, 2014 4:44 am, Rigo Wenning wrote:
>  On Saturday 28 June 2014 05:36:24 GALINDO Virginie wrote:
> > Granting permissions to unauthenticated origins is, in the presence of
> > a network attacker, equivalent to granting the permissions to any
> > origin. The state of the internet is such that we must indeed assume
> > that a network attacker is present.
>
>  The error here is that we assume the service/origin to be trustworthy
>  and the attacker to be malicious. But in the case of tracking, the
>  authentication actually harms. So having more authentication isn't
>  providing more security for the end user in general. In tracking, the
>  service you're interacting with is the attacker. How does your model
>  cope with this and how does it avoid switching from tracking to
>  authenticated tracking?
>
>  Now if we want to talk about origins and trustworthiness of code, how
>  does your work relate to the Trusted Computing platform? Is it just
>  basing itself on TLS or is it going further? Or is it just a list of
>  partial URI-strings that will trigger better permissions? Have you
>  thought about integrating provenance into the model?
>
>   --Rigo
>

Rigo,

Virginie's forward dropped all of the lists that this was sent to,
including the place it's actually being discussed
(blink-dev@chromium.org). If you wish for a reply, your best option is to
actually send it to a list where it is being discussed.

I fear you've misunderstood the proposal, or confused it with something
else. With the exception of client certificates (which provide TLS mutual
authentication), TLS only authenticates a server to a client, not a client
to a server. This notion of "authenticated tracking" is thus a
fabrication, because it does not exist, any more than it does for HTTP.
Note also that the discussion of "secure origins/transports" is not
exclusive towards HTTPS, and includes other forms of code authentication,
such as signed extensions.

This has nothing to do with the Trusted Computing Platform. Again, I suspect
there is some confusion about what's being proposed, and you'd be best off
seeking clarification where it's being discussed if you feel it's
worthwhile.

Cheers,
Ryan

Received on Wednesday, 2 July 2014 12:27:33 UTC