- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 9 Feb 2015 15:24:22 +1100
- To: Deian Stefan <deian@cs.stanford.edu>
- Cc: Brad Hill <hillbrad@gmail.com>, Jeffrey Yasskin <jyasskin@google.com>, Mike West <mkwst@google.com>, Wendy Seltzer <wseltzer@w3.org>, David Ross <drx@google.com>, Dan Veditz <dveditz@mozilla.com>, Mounir Lamouri <mlamouri@google.com>, David Baron <dbaron@dbaron.org>, Anne van Kesteren <annevk@annevk.nl>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 9 February 2015 at 12:49, Deian Stefan <deian@cs.stanford.edu> wrote: > Would changing the language address some of your concerns? I would be > happy to use a word other than "untrusted." Or at least tone it down to > say "untrusted, but not malicious." (We should avoid giving people the > impression that they can share sensitive data without any concern.) I'd be happy if this were limited to providing untrusted code with limited access to information. That seems perfectly in line with the sorts of things that CSP can do. I don't accept the suggestion that forcing untrusted code to use covert channels for exfiltration is sufficient. All it takes for someone to develop an exfiltration library and the suppression of the overt channels is effectively pointless.
Received on Monday, 9 February 2015 04:24:49 UTC