Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features

On Jun 27, 2014 5:02 PM, "'Peter Kasting' via Security-dev" <
security-dev@chromium.org> wrote:
>
> On Fri, Jun 27, 2014 at 3:55 PM, 'Chris Palmer' via blink-dev <
blink-dev@chromium.org> wrote:
>>
>> "Particularly powerful" would mean ... generally any feature that
>>
>> we would provide a user-settable permission or privilege to.
>
>
> I don't really understand this last clause.  Users of browsers can set
many permissions, e.g. in Chrome the user can grant or deny sites the
ability to use plugins, open popup windows, run Javascript, etc. I doubt
you intended to suggest that a new feature with a similar scope to those
should be restricted.
>
> PK

There is, I think, a balance.

The examples you gave are examples where we default positive (allow), but
then allow the user to deny. In effect, all origins BUT X have access to a
permission.

However, for permissions where the assumption is default-deny (or prompt),
those are certainly in scope. That's because if you grant Origin X access,
and X is an origin delivered over an insecure transport, you've granted it
to all origins, in effect.

Would it make more sense to clarify that its in response to deny-by-default
permissions? geolocation, audio, video all come to mind as modern deny
features that would, ideally, have been restricted for the reasons listed -
though that horse has long since left the barn.

Received on Saturday, 28 June 2014 00:36:11 UTC