- From: <bugzilla@jessica.w3.org>
- Date: Tue, 15 Apr 2014 18:37:16 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25345

Ryan Sleevi <sleevi@google.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Status    |NEW                         |RESOLVED
     Resolution    |---                         |WONTFIX

--- Comment #7 from Ryan Sleevi <sleevi@google.com> ---

As Boris has explained, this does not provide any meaningful security - but worse, gives the appearance of security.

If an attacker can inject script, they can alter the operating environment in any number of ways - from manipulating objects (like String.prototype) to altering code that calls getRandomValues and such. Mitigations such as CSP provide meaningful security, and thus should be encouraged (and, in previous discussions, were attempted to be required - but to no effect).

The argument for protecting against 'accidental' overwriting is equally troubling, as it suggests an author capable of implementing secure cryptography, but not implementing secure JavaScript - which is a scenario that is equally doomed to failure independent of the spec action here.

There's no question that we want to remove things that will obviously cause harm, but at the same time, the security boundaries should be crisp, and we should only attempt to normatively specify things that will meaningfully improve security (e.g.: requiring SSL or CSP).

--
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 15 April 2014 18:37:18 UTC