Re: Scientific Literature on Capabilities (was Re: CORS versus Uniform Messaging?)

On Thu, 17 Dec 2009, Kenton Varda wrote:
> 
> OK, I'm sure that this has been said before, because it is critical to 
> the capability argument:
> 
> If Bob can access the data, and Bob can talk to Charlie *in any way at 
> all*, then it *is not possible* to prevent Bob from granting access to 
> Charlie, because Bob can always just serve as a proxy for Charlie's 
> requests.

If confidentiality was the only problem, this would be true. However, it's 
not the only problem. One of the big reasons to restrict which origin can 
use a particular resource is bandwidth management. For example, 
resources.example.com might want to allow *.example.com to use its XBL 
files, but not allow anyone else to directly use the XBL files straight 
from resources.example.com. A proxy isn't a plausible attack in this 
scenario, because if someone can set up a proxy, they can with much more 
ease simply host the original file (which isn't a problem from the point 
of view of the original site). Furthermore, if someone _does_ host a 
proxy, then they are taking the same load hit as the original site, and 
therefore the risk to the original site is capped.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Thursday, 17 December 2009 17:38:38 UTC
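
Added example, not part of the original message or of any project's code: a sketch of how a server such as resources.example.com could decide which browser origins may embed its files, the bandwidth-management case described above. The function names, the choice to also admit the apex example.com, and the 403 response for other origins are assumptions made for illustration.

```javascript
// Added illustration: origin gate for resources.example.com (hostnames taken from the message).
// It limits cross-origin embedding by browsers; it is not a confidentiality control.
const APEX = "example.com";          // assumption: the apex is allowed alongside *.example.com
const SUFFIX = "." + APEX;

// Returns the normalized origin if it is example.com or a subdomain, otherwise null.
function allowedOrigin(originHeader) {
  if (typeof originHeader !== "string" || originHeader === "null") return null;
  let url;
  try {
    url = new URL(originHeader);
  } catch {
    return null;                     // not parseable as a URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // An Origin value is scheme://host[:port] only: reject paths, userinfo, default ports.
  if (url.origin !== originHeader.toLowerCase()) return null;
  // Compare whole labels, so evil-example.com and example.com.evil.net do not match.
  const host = url.hostname;
  return host === APEX || host.endsWith(SUFFIX) ? url.origin : null;
}

// Hypothetical policy: requests without an Origin header are served normally,
// allowed origins get the CORS grant, any other origin is refused without a body.
function decide(originHeader) {
  const headers = { Vary: "Origin" }; // keep caches from reusing a grant across origins
  if (originHeader === undefined) return { status: 200, headers };
  const origin = allowedOrigin(originHeader);
  if (origin === null) return { status: 403, headers };
  headers["Access-Control-Allow-Origin"] = origin;
  return { status: 200, headers };
}

// Constructed sample Origin values.
for (const o of ["https://widgets.example.com", "https://example.com.evil.net", undefined]) {
  console.log(String(o), "->", JSON.stringify(decide(o)));
}
```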