- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Mon, 10 Nov 2014 11:31:47 -0800
- To: David Bruant <bruant.d@gmail.com>
- Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "Mark S. Miller" <erights@google.com>
The basic reasoning behind suborigins is to provide a very simple, intuitive, and low-cost way to compartmentalize applications, reason about the compartmentalization, and test it with automated tools.

If I understand it correctly, your critique is that suborigins are a bad idea because application compartmentalization can be achieved with a bit more work with existing tools. But I think this applies to most other mechanisms: we also do not strictly require CSP or referer directives or most of the other security work. Almost all of it is driven by the desire to just make things simpler, more intuitive, less likely to fail, and easier to audit for.

We're definitely acutely aware of Caja and similar solutions and have spent years trying to convince product teams to use it in a variety of settings :-)

I *think* that suborigins will strictly improve the status quo and have a chance of working out, but of course, no promises.

/mz
Received on Monday, 10 November 2014 19:32:36 UTC