
Re: Limiting requests from the internet to the intranet.

From: Chris Palmer <palmer@google.com>
Date: Mon, 4 Jan 2016 12:07:41 -0800
Message-ID: <CAOuvq20HExegZmuiPOcGiZW9=EVqoVjBUGmtF1Xio6HeA=gNKQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Richard Barnes <rbarnes@mozilla.com>, Erik Nygren <erik+w3@nygren.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Brian Smith <brian@briansmith.org>, Ryan Sleevi <sleevi@google.com>, Justin Schuh <jschuh@google.com>, Devdatta Akhawe <dev@dropbox.com>, Anne van Kesteren <annevk@annevk.nl>, lee@asgard.org

On Mon, Jan 4, 2016 at 11:44 AM, Mike West <mkwst@google.com> wrote:

> I was thinking something more like "https://pebble.com/ wants to access
> resources on your internal network." rather than an origin->origin mapping.
> That seems like the right granularity for the user-side of this kind of
> decision, assuming that the devices themselves have to opt-in as well.
>

OK that sounds pretty good to me.

>> Based on the discussion at https://crbug.com/378566 and the conversation(?)
>> at https://news.ycombinator.com/item?id=9210484, there are several large
>> services using this kind of scheme, and innumerable small/enterprise
>> versions of various sorts. I don't know how we'll get reasonable aggregate
>> metrics beyond
>> https://www.chromestatus.com/metrics/feature/timeline/popularity/530
>> (which shows ~0.5% of page views being public sites which include private
>> resources). Those numbers might be big enough for rappor
>> <https://www.chromium.org/developers/design-documents/rappor> to help?
>>
>
Looks like Spotify, Dropbox, and a lot of unspecified applications from
people who don't understand we're planning to offer an opt-in via ACAO or
the like. Spotify and Dropbox, at least, are modern software projects that
can add the header in an update (and have updates). But:

> I'm dubious about the trustworthiness of devices, and I imagine that Super
> Awesome Refrigerator 2000 is more likely to want to be chatty about its
> contents than I am. I'm not sure that abdicating that decision to the
> device manufacturer is a good idea in general.
>

I'm somewhat confident that SAR 2000 is developed by people who will not
opt into internet communication, and will instead leak what it knows by
more mundane means. :)

But, all that having been said, if we are going to prompt people *after* the
internal origin has already opted in, then it will (I believe) still be
rare enough to not be too much of an annoyance.

Received on Monday, 4 January 2016 20:08:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:17 UTC