- From: Tyler Close <tyler.close@gmail.com>
- Date: Sat, 9 Jan 2010 14:39:18 -0800
- To: Adam Barth <w3c@adambarth.com>
- Cc: public-webapps <public-webapps@w3.org>
On Sat, Jan 9, 2010 at 2:23 PM, Adam Barth <w3c@adambarth.com> wrote: > On Sat, Jan 9, 2010 at 1:57 PM, Tyler Close <tyler.close@gmail.com> wrote: >> On Sat, Jan 9, 2010 at 10:20 AM, Adam Barth <w3c@adambarth.com> wrote: >>> That's the security model we have. For example, it's safe to return >>> untrusted HTML tags with certain media types but not with others. >> >> Just because the Same Origin Policy is full of bizarre gotchas doesn't >> mean the UMP must also be. Using the UMP with permission tokens >> eliminates several of the gotchas. I'm taking every opportunity I can >> to provide developers with a more reasonable security model. Surely a >> security expert must applaud this effort. > > You're making the security model *weaker* though. Why not make it stronger? > > Your reaction to a small (i.e., partial) leak of information in one > media type is to open the floodgates for leaking all information about > all media types. That doesn't make any sense. Originally, you characterized your scenario as obscure. Now you say it's opening the floodgates. I don't find your frequent outbursts of hyperbole at all constructive. Others have pointed this out more subtly, but I guess you didn't get the hint. In any case, I thought following of non-uniform redirects was the original semantics introduced by CORS and so decided to retain it. Like I said in the last email, I am reconsidering that based on Maciej's correction. And just to be clear. In no reasonable way can either decision be said to "open the floodgates". I also don't see any reasonable way to conclude that the UMP security model is weaker than CORS. Those are some pretty outlandish claims to try to prove. --Tyler -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html
Received on Saturday, 9 January 2010 22:39:51 UTC