Re: Limiting requests from the internet to the intranet.

From: Justin Schuh <jschuh@google.com>
Date: Wed, 6 Jan 2016 14:42:38 -0800
Message-ID: <CAObUUC_Y5YOv3rvrgA+MLCczoW9G=NeK1aM=wVPJQ_5PGMLzvA@mail.gmail.com>
To: Chris Palmer <palmer@google.com>
Cc: "Oda, Terri" <terri.oda@intel.com>, Mike West <mkwst@google.com>, Richard Barnes <rbarnes@mozilla.com>, Erik Nygren <erik+w3@nygren.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Brian Smith <brian@briansmith.org>, Ryan Sleevi <sleevi@google.com>, Devdatta Akhawe <dev@dropbox.com>, Anne van Kesteren <annevk@annevk.nl>, lee@asgard.org

On Wed, Jan 6, 2016 at 2:06 PM, Chris Palmer <palmer@google.com> wrote:

> On Wed, Jan 6, 2016 at 2:04 PM, Oda, Terri <terri.oda@intel.com> wrote:
>
>> Just to add another data point: I know some of Intel's products use the
>> Pebble-like scenario and have been told that blocking would be a
>> significant problem for some of our groups.  It most recently came up in
>> discussions of RealSense 3d camera support, and I suspect some of the
>> projects involve relatively new tech hardware that doesn't yet have
>> standards for communication, and the teams involved were hoping to use web
>> APIs to make things easier for developers.
>>
>> I can ask around internally for more information beyond "yes this is a
>> thing that we use and removing it would be a hardship" if people are
>> interested in more details.
>>
>
> The proposal at this point is not to remove it, but to require your Real
> Sense cameras to opt in to being contacted by public web origins.
>

Put another way: If you can't update the device/software to serve the
opt-in header, then it's unambiguously clear that the device/software lacks
the bare minimum capability to be safely exposed to arbitrary Web sites.

Received on Wednesday, 6 January 2016 22:43:46 UTC