annevk has just created a new issue for https://github.com/w3c/webrtc-pc: == RTCCertificate security boundary == In https://github.com/whatwg/html/issues/4939 I've been exploring infrastructure for objects which we'd like to limit to the same-origin. The only real security boundary we have for objects is agents and their container, agent clusters, and they are per site+scheme (so contain multiple origins). That is, while we could make deserializing X fail on B if serializing X happened on A, we cannot necessarily prevent A from sharing X with B, if A and B are same-site and same-scheme. This means, that if step 4.2 of https://w3c.github.io/webrtc-pc/#constructor is crucial for some reason not related to the ability for B to "read" X, we cannot really simplify RTCCertificate much. `[Serializable=SameOrigin]` might still be good to signal intent, but it would not allow removing `[[Origin]]` as A can still share X with B using `document.domain`. (I should note that in general it's a little weird for objects to carry around an origin as messaging is supposed to be about object capabilities, but I think I can see how for a certificate that might be different.) cc @jan-ivar Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2343 using your GitHub accountReceived on Friday, 1 November 2019 13:08:35 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:50 UTC