Re: [UMP] Feedback on UMP from a quick read

On Sat, Jan 9, 2010 at 2:23 PM, Adam Barth wrote:
> On Sat, Jan 9, 2010 at 1:57 PM, Tyler Close wrote:
>> On Sat, Jan 9, 2010 at 10:20 AM, Adam Barth wrote:
>>> That's the security model we have.  For example, it's safe to return
>>> untrusted HTML tags with certain media types but not with others.
>> Just because the Same Origin Policy is full of bizarre gotchas doesn't
>> mean the UMP must also be. Using the UMP with permission tokens
>> eliminates several of the gotchas. I'm taking every opportunity I can
>> to provide developers with a more reasonable security model. Surely a
>> security expert must applaud this effort.
> You're making the security model *weaker* though.  Why not make it stronger?
> Your reaction to a small (i.e., partial) leak of information in one
> media type is to open the floodgates for leaking all information about
> all media types.  That doesn't make any sense.

Originally, you characterized your scenario as obscure. Now you say
it's opening the floodgates. I don't find your frequent outbursts of
hyperbole at all constructive. Others have pointed this out more
subtly, but I guess you didn't get the hint.

In any case, I thought following of non-uniform redirects was the
original semantics introduced by CORS and so decided to retain it.
Like I said in the last email, I am reconsidering that based on
Maciej's correction.

And just to be clear: in no reasonable way can either decision be said
to "open the floodgates". I also don't see any reasonable way to
conclude that the UMP security model is weaker than CORS. Those are
some pretty outlandish claims to try to prove.


"Waterken News: Capability security on the Web"

Received on Saturday, 9 January 2010 22:39:51 UTC