[powerful-features] feedback

Secure Contexts [1]

> The SharedWorker() constructor will throw a SecurtyError [sp] exception
> if a if a secure context attempts to attach to an [sp:a] Worker which is not a secure context

sp: if-a if-a

> and if an [sp:a] non-secure context attempts to attach to a Worker which is a secure context.


> Therefore, the algorithms defined in this document require mechansims [sp]

> As the Web platform is extended to enable more useful and powerful applications,

I think you can drop the `the` here:
> it becomes increasingly important to ensure that the features which enable those applications
> are enabled only in contexts which meet a minimum security bar.

You don't always capitalize "the web":
> This document outlines threat models for feature abuse on the Web
> The list above clearly includes some existing functionality that is currently available to the web over non-secure channels.

Personally, I object to capitalizing "the web". But I only ask that
you be consistent.


> The most obvious of the requirements discussed here is that application code with access to sensitive or private data be delivered over authenticated and confidential channels that guarantee data integrity.

Personally, I'd write "delivered confidentially over authenticated channels".

Example 3
> if https://example.com/ opened in a top-level browsing context opens https://sub.example.com/ in a frame, then both are secure contexts, as both were delivered over authenticated and encrypted channels.

Please capitalize 'if' above as below:

Example 4
> If https://example.com/ was somehow able to frame http://non-secure.example.com/ (perhaps the user has overridden mixed content checking?), the top-level frame would remain secure, but the framed content is not a secure context.

> Dedicated Web Workers are similar in nature to framed documents. They’re secure contexts when they’re delivered from potentially trustworthy origins, and when their owner is itself a secure context:


The `and when` here is bad; it should be `only if` ...

> If an [sp:a] non-secure context creates a Shared Worker

> If https://example.com/ in a different top-level browsing context (e.g. in a new window) is a secure context,
> so it may access the secure shared worker:

You'd either need to reword, or drop `so`.

> and abort the remaining steps.

I'm not a fan of this phrasing; it sort of implies that you can run
some of the remaining steps. Elsewhere the phrase appears to be "and
abort these steps".

> Both Window's isSecureContext and WorkerGlobalScope's isSecureContext attribute’s getters

attributes'

> return true if the relevant settings object for the getter’s global object is a secure context, and false otherwise.

> Given a settings object (settings)
> Let ancestors be a list containing settings.
> If settings' global object is a WorkerGlobalScope, then:

"settings's" or replace `settings` with something that isn't
confusingly singular ("settings object" would work).

> If ancestor settings’s HTTPS state is "modern",

note that you write "settings's" correctly here.

> Let origin be ancestor settings' origin.

but not here :(

> If origin is a globally unique identifier, set origin to the origin of settings’s creation URL.

it's correct here ...

You use both "user agent" and "user agents"

> given the information that is available to the user agent at runtime, the resources appear to have been transported securely.

This isn't true. com.apple.quarantine [2], Zone.Identifier [3]

> Given a settings object (settings), this algorithm returns "Secure" if the object represents a context which the user agent fetched via a secure channel, and "Not Secure" otherwise.
> Given an origin origin, the following algorithm returns Potentially Trustworthy or Not Trustworthy as appropriate.

Should this be quoted, as the one before it was quoted?

> Therefore, blobs created in an [sp:a] potentially secure origin will themselves be potentially secure.

> If origin’s host component is or falls within localhost. [RFC6761], return Potentially Trustworthy.

Drop the `.` after localhost?

> For example, FirefoxOS application resources are referred to by a URL whose scheme component is app:.
> If origin’s scheme component is file, return Potentially Trustworthy.

missing `:` after `file`

> The ability to access information about other devices a user has access to.

... to which a user has access.

> [FULLSCREEN], for instance.

not a sentence.

> an [sp:a] "non-secure" view on the same origin.

> The [GEOLOCATION-API] is a good concrete example of such an [sp:a] feature;

> If the incumbent settings object is not a secure context, then the algorithms should be aborted

algorithm (singular)?





[1] https://w3c.github.io/webappsec/specs/powerfulfeatures/published/2015-10-CR.html

[2] https://support.apple.com/en-ca/HT201940
[3] https://msdn.microsoft.com/en-us/library/dn392609.aspx

Received on Monday, 12 October 2015 21:34:49 UTC