- From: Yves Lafon <notifications@github.com>
- Date: Tue, 28 Sep 2021 01:46:45 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 28 September 2021 08:46:57 UTC
Hi @letitz Yes, it is quite clear that the goal is to prevent CSRF attacks, but for example, being able to access a device on your local network from outside has its value, be it a printer, a music player or a cloud-based configuration manager for some of your local devices. In the first case, you can't really expect to upgrade the firmware on your printer, while on the second case it is trivial to do so to support a more secure way of allowing this kind of interaction. This is the reason why it would be good for _some_ services to see them not as services, but as attached pseudo-devices (the printer case). On the second point, I think there is a difference between the local network and the private networks you can reach, like corporate private networks. The pseudo-device use case makes sense only for local networks, not for corporate private networks, for example. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/572#issuecomment-928985754
Received on Tuesday, 28 September 2021 08:46:57 UTC