Re: [w3ctag/design-reviews] Direct Sockets API (#548) from Matthew Roberts on 2022-04-04 (public-webapps-github@w3.org from April 2022)

From: Matthew Roberts <notifications@github.com>
Date: Mon, 04 Apr 2022 13:12:56 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/548/1087967636@github.com>

@plinss 

Disagree. "This web page is requesting access to your internal network. If you don't trust this web page you may decline. [accept] [decline]." Seems fine to me. Social engineering will always be a part of cyber attacks so I think that falls outside of our scope. It's also not feasible to have protocol-level APIs for every possible protocol in the browser (past and future.) That greatly increases attack surface more than adding a solid socket design, IMO.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/548#issuecomment-1087967636
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/548/1087967636@github.com>

Received on Monday, 4 April 2022 20:13:08 UTC