
Re: Limiting requests from the internet to the intranet.

From: Mike West <mkwst@google.com>
Date: Mon, 4 Jan 2016 21:15:15 +0100
Message-ID: <CAKXHy=eB4i8GdFNy0Fg3pix6BDLFkqXT5tRhH01i6xZsY31ZAg@mail.gmail.com>
To: Chris Palmer <palmer@google.com>
Cc: Richard Barnes <rbarnes@mozilla.com>, Erik Nygren <erik+w3@nygren.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Brian Smith <brian@briansmith.org>, Ryan Sleevi <sleevi@google.com>, Justin Schuh <jschuh@google.com>, Devdatta Akhawe <dev@dropbox.com>, Anne van Kesteren <annevk@annevk.nl>, lee@asgard.org
On Mon, Jan 4, 2016 at 9:07 PM, Chris Palmer <palmer@google.com> wrote:

> Looks like Spotify, Dropbox, and a lot of unspecified applications from
> people who don't understand we're planning to offer an opt-in via ACAO or
> the like.

Well, at the time it wasn't clear that we were. My initial stab at this
certainly didn't. "My thinking on this issue has evolved."

> Spotify and Dropbox, at least, are modern software projects that can add
> the header in an update (and have updates).

Dropbox, I'm sure, will have no problems. I'm more concerned about the
amount of angry emails I'll get from enterprise folks, but, you know.

>> I'm dubious about the trustworthiness of devices, and I imagine that Super
>> Awesome Refrigerator 2000 is more likely to want to be chatty about its
>> contents than I am. I'm not sure that abdicating that decision to the
>> device manufacturer is a good idea in general.
> I'm somewhat confident that SAR 2000 is developed by people who will not
> opt into internet communication, and will instead leak what it knows by
> more mundane means. :)

But, but, SAR 2000 could automatically order milk for you! Or, you know,
tell https://grocery.evil.com/ that you totally need milk and that it
should raise the price a bit. In any event, IoT is scary.

> But, all that having been said, if we are going to prompt people *after* the
> internal origin has already opted in, then it will (I believe) still be
> rare enough to not be too much of an annoyance.

Oh. That's clever. I was thinking of doing the prompt before the request,
but sandwiching a permission request/interstitial/whatever between the
preflight and the request sounds like a good idea.

Received on Monday, 4 January 2016 20:16:04 UTC
