- From: sleevi <notifications@github.com>
- Date: Fri, 21 Apr 2017 10:48:58 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/530/296258366@github.com>
You haven't explained how or why it's the browser's (or any applications') responsibility to protect servers from the user's OS or implementation of standard-defined behaviours. My interpretation of your position is that the desired end-state is for a system to be built on a defined architecture that fully implements everything from an instruction set to the 'browser', because that's the only way you can be assured the degree of control. To an extent, this is what Firefox has practiced in some key and critical areas (e.g. PKI and Crypto) that doesn't work with how other browsers and systems are designed. If your concern is one of predictability, that predictability is afforded - by other specifications - or intentionally left opaque (in the case of security policy). You have yet to demonstrate why it is the browser's responsibility to control or reimplement what the OS does or provides for all applications and shares between all applications. The fact that other applications will interact with and can induce these actions to happen, regardless of any browser mitigations, are to me demonstrations that it's a false security boundary. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/530#issuecomment-296258366
Received on Friday, 21 April 2017 17:49:31 UTC