
Re: Limiting requests from the internet to the intranet.

From: Mike West <mkwst@google.com>
Date: Mon, 4 Jan 2016 21:15:15 +0100
Message-ID: <CAKXHy=eB4i8GdFNy0Fg3pix6BDLFkqXT5tRhH01i6xZsY31ZAg@mail.gmail.com>
To: Chris Palmer <palmer@google.com>
Cc: Richard Barnes <rbarnes@mozilla.com>, Erik Nygren <erik+w3@nygren.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Brian Smith <brian@briansmith.org>, Ryan Sleevi <sleevi@google.com>, Justin Schuh <jschuh@google.com>, Devdatta Akhawe <dev@dropbox.com>, Anne van Kesteren <annevk@annevk.nl>, lee@asgard.org

On Mon, Jan 4, 2016 at 9:07 PM, Chris Palmer <palmer@google.com> wrote:

> Looks like Spotify, Dropbox, and a lot of unspecified applications from
> people who don't understand we're planning to offer an opt-in via ACAO or
> the like.
>

Well, at the time it wasn't clear that we were. My initial stab at this
certainly didn't. "My thinking on this issue has evolved."


> Spotify and Dropbox, at least, are modern software projects that can add
> the header in an update (and have updates).
>

Dropbox, I'm sure, will have no problems. I'm more concerned about the
amount of angry emails I'll get from enterprise folks, but, you know.
Progress.


>> I'm dubious about the trustworthiness of devices, and I imagine that Super
>> Awesome Refrigerator 2000 is more likely to want to be chatty about its
>> contents than I am. I'm not sure that abdicating that decision to the
>> device manufacturer is a good idea in general.
>>
>
> I'm somewhat confident that SAR 2000 is developed by people who will not
> opt into internet communication, and will instead leak what it knows by
> more mundane means. :)
>

But, but, SAR 2000 could automatically order milk for you! Or, you know,
tell https://grocery.evil.com/ that you totally need milk and that it
should raise the price a bit. In any event, IoT is scary.

> But, all that having been said, if we are going to prompt people *after* the
> internal origin has already opted in, then it will (I believe) still be
> rare enough to not be too much of an annoyance.
>

Oh. That's clever. I was thinking of doing the prompt before the request,
but sandwiching a permission request/interstitial/whatever between the
preflight and the request sounds like a good idea.

-mike
Received on Monday, 4 January 2016 20:16:04 UTC
