- From: Reilly Grant <notifications@github.com>
- Date: Mon, 08 Feb 2021 18:48:40 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 9 February 2021 02:48:52 UTC
Chromium implements a block list mechanism for USB serial devices as a defense-in-depth measure. There are currently no entries. During the development of the WebUSB specification the feedback from Mozillians (not an official Mozilla position) was similar to @tomayac's concerns as the original design required devices to opt in to connections from web content. There are open questions about how registries such as these should be managed to balance the risks against user choice. I don't have a good answer and I think we will need to wait and see how the ecosystem evolves. As mentioned in the "[Security considerations](https://wicg.github.io/serial/#security)" section there is a class of devices which are intentionally insecure which we would never include in the block list. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/431#issuecomment-775617108
Received on Tuesday, 9 February 2021 02:48:52 UTC