Re: Simple approach for <access>

Hi Thomas,

On Apr 16, 2009, at 17:23 , Thomas Roessler wrote:
> 1. How is the information in this access element going to be used at  
> installation time or distribution time?  I'd like to see some spec  
> text that explains this.

My understanding is that this is like the feature element and others:  
it is metadata and its enforcement depends on a security policy. When  
that security policy intervenes (I would expect at runtime, for every  
access) is presumably orthogonal.

> 2. If one of the risks we're interested in is firewall traversal,  
> then the proposed domain name wildcard has a somewhat different  
> risk profile than just a single domain name:  while you can do a DNS  
> rebinding attack for a single hostname, that's a well-known issue,  
> and hopefully worked around in today's browser engines.  With the  
> wildcard, though, it becomes relatively easy to do firewall  
> traversal:  For example, one could simply generate DNS records  
> n.n.n.n.example.com that point to the IP address n.n.n.n.

I think that this is also meant to be orthogonal to firewalls, but  
maybe I'm missing something?

-- 
Robin Berjon - http://berjon.com/
     Feel like hiring me? Go to http://robineko.com/

Received on Sunday, 19 April 2009 14:25:30 UTC
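
The wildcard concern raised in point 2, as an added example that is not part of the original thread or of any spec text: a runtime policy check that refuses a wildcard-matched host when it resolves into internal address space. The function names and the idea that the runtime passes in the addresses it has already resolved are assumptions made for illustration.

```python
import ipaddress

def host_matches(pattern: str, host: str) -> bool:
    """Match a host against an exact name or a '*.suffix' wildcard pattern."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com"
        # Require at least one label in front of the suffix.
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def is_internal(addr: str) -> bool:
    """True for anything that is not a globally routable address."""
    return not ipaddress.ip_address(addr).is_global

def evaluate(pattern: str, host: str, resolved: list) -> tuple:
    """Hypothetical policy hook: decide one network access request.

    `resolved` holds the addresses the runtime will actually connect to;
    the check is only meaningful if the connection is pinned to them
    rather than resolving the name a second time.
    """
    if not host_matches(pattern, host):
        return (False, "host not covered by access pattern")
    internal = [a for a in resolved if is_internal(a)]
    if internal:
        return (False, "resolves to internal address " + internal[0])
    return (True, "ok")

if __name__ == "__main__":
    # Constructed sample requests: (declared pattern, requested host, resolved addresses)
    samples = [
        ("*.example.com", "www.example.com", ["93.184.216.34"]),
        ("*.example.com", "10.1.2.3.example.com", ["10.1.2.3"]),
        ("*.example.com", "www.example.com", ["93.184.216.34", "192.168.0.1"]),
        ("*.example.com", "other.test", ["93.184.216.34"]),
    ]
    for pattern, host, addrs in samples:
        print(host, addrs, "->", evaluate(pattern, host, addrs))
```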