Securer Contexts?

From: Mike West <mkwst@google.com>
Date: Wed, 5 Feb 2020 15:44:40 +0100
Message-ID: <CAKXHy=duVcDiCfdJMP=yKTussfX2zQ5tY9bSaiX68JJh4PDdrQ@mail.gmail.com>
To: Web Application Security Working Group <public-webappsec@w3.org>

Hey folks,

In the context of the set of side-channel-mitigating isolation primitives
that we've discussed on the past few calls, I've been thinking about the
notion of Secure Contexts. TL;DR: I think limiting the scope of that
mechanism to the transport layer was a great idea in 2015; I think 2020 is
a great time to revisit and expand it to include the threats we care deeply
about today.

I sketched out a proposal for an updated threat model in
https://github.com/mikewest/securer-contexts/, which includes
COOP/COEP/CORP on the one hand, and hand-waves at injection mitigation on
the other.

I'd appreciate feedback, either here on the list, in the GitHub repository,
or on the design review request at
https://github.com/w3ctag/design-reviews/issues/471. :)

Thanks!

-mike
Received on Wednesday, 5 February 2020 14:44:56 UTC