[w3ctag/design-reviews] Securer Contexts (#471) from Mike West on 2020-02-05 (public-webapps-github@w3.org from February 2020)

From: Mike West <notifications@github.com>
Date: Wed, 05 Feb 2020 05:34:50 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/471@github.com>

Hello TAG!

I'm requesting a TAG review of [Secur<em>er</em> Contexts](https://github.com/mikewest/securer-contexts/).

[Secure Context's threat model](https://w3c.github.io/webappsec-secure-contexts/#threat-models) encompasses the transport layer. This proposal would extend it to include attackers with the ability to inject code into a victim's document (by tricking either the server or client-side code), and attackers who seek to include a victim's resources into a context where they may be vulnerable to side-channel attacks. This extension of the threat model would allow us to likewise extend the `[SecureContext]` IDL attribute 

 use the same language we use for HTTPS restrictions today (namely the `[SecureContext]` IDL attribute) to express new requirements for new mitigations.

  - Explainer: https://github.com/mikewest/securer-contexts/
  - Security and Privacy self-review: This is not a new feature in the typical sense, but a discussion of the ways in which I'd like us to collectively be able to restrict new (and existing!) features. I think it would feed into the self-review process, as opposed to being directly subject to it (but I'm happy to fill out the questionnaire if y'all disagree about its relevance).
  - Primary contacts (and their relationship to the specification): 
      - Mike West (@mikewest, Google)
  - Organization/project driving the design: Moi.
  - External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): None yet. This seems solidly architectural in nature, so I came to y'all first. I intend to send it to WebAppSec (and Twitter, I suppose) directly after filing this bug.

Further details:

  - [X] I am passingly familiar with the TAG's [API Design Principles](https://w3ctag.github.io/design-principles/), and in particular its [discussion of Secure Contexts in Section 2.10](https://w3ctag.github.io/design-principles/#secure-context).
  - The group where the work on this design is being done (or is intended to be done in the future): WICG -> WebAppSec + IDL
  - Existing major pieces of multi-stakeholder review or discussion of this design: None.
  - Major unresolved issues with or opposition to this design: None.
  - This work is being funded by: Google, via my paychecks.

You should also know that the TAG was the venue in which Secure Contexts began (hello, @diracdeltas!).

We'd prefer the TAG provide feedback as (please delete all but the desired option) review feedback as a **comment in this issue**, @-notifying @mikewest.

:heart: 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/471

Received on Wednesday, 5 February 2020 13:34:54 UTC