Re: [fetch] Request for support for certificate pinning (#98)

> Your assumption that there is zero relationship with those sites is not true for all the examples I brought up so far. 

It isn't an assumption - it's a statement about all the knowledge that a browser has. I haven't said it is impossible for there to be a business relationship - but that it is impossible for a browser to know such a relationship. The only way it can be modeled is by receiving the assent from the destination server to have its policy dictated by the linking server, and that is fundamentally incompatible with your objectives (to avoid preloading and to avoid contacting the server).

> We have a real threat model that you still failed to provide a solution for except "That's not how we do things here". I'm asking you to step back a bit and try to help me find a solution for this that is not a "footgun".

Indeed, because I fundamentally believe that your problem is not something that should be solved at this layer. Regardless of the validity of your threat model, the operational complexity and necessary tradeoffs are clear that the solution cannot and must not be at this layer.

I am not terribly interested in helping you engineer a solution, I will readily admit. I have neither the time, energy, nor interest. However, that blunt truth doesn't change the fact that what is proposed is a bad solution, and one that shouldn't be supported. My hope is that I have explained the reasons and concerns why, and that you might reconsider and explore alternatives that might mitigate these concerns, and if you find something, to discuss that. But my inability and unwillingness to provide free consulting wouldn't justify pursuing the proposed path.

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/98#issuecomment-130778080

Received on Thursday, 13 August 2015 17:52:07 UTC