Re: Establishing consistent opt-ins to expose resource metadata

On Mon, Jul 20, 2020 at 12:56 PM Anne van Kesteren <annevk@annevk.nl> wrote:

> High-level question: are metadata and data distinct enough and can
> developers-at-large reason about their difference to make the right
> trade-offs? At least in terms of surveillance, metadata can tell a
> pretty damning story as we've come to learn and I know the
> network-security folks are trying their best not to give any bits to
> the network, e.g.,
> https://blog.apnic.net/2018/03/28/just-one-quic-bit/. I worry a bit
> that what we're doing here isn't exactly sound from an
> information-security perspective.
>

I think this indeed becomes a problem when metadata is an umbrella term
that defines an undetermined set of properties.
For example, using a single header with a catch-all * wildcard to describe
all sorts of separate types of metadata might create issues in the future,
where as more types of metadata are added a server exposes 'metadata' that
they didn't intend to expose because "metadata" catches them.

This is also the case for CORP - without some granularity around which
information is exposable, there's a risk of over-exposing by mistake.

So I think with either option there should not be a wildcard for selecting
types of metadata. And then, when the properties/types (e.g.
orientation/resolution/pixels of an image) are explicitly defined, it
doesn't matter if they're data or metadata.

Received on Monday, 20 July 2020 10:43:31 UTC