[openscreenprotocol] Pull Request: Adds Security UI Considerations. from Mark Foltz \(Google\) via GitHub on 2019-08-27 (public-webscreens@w3.org from August 2019)

From: Mark Foltz \(Google\) via GitHub <sysbot+gh@w3.org>
Date: Tue, 27 Aug 2019 18:59:23 +0000
To: public-webscreens@w3.org
Message-ID: <pull_request.opened-311521944-1566932362-sysbot+gh@w3.org>

mfoltzgoogle has just submitted a new pull request for https://github.com/webscreens/openscreenprotocol:

== Adds Security UI Considerations. ==
This PR addresses Issue #118: UI guidelines for pairing and trusted/untrusted data.  
Action from the Berlin F2F: https://www.w3.org/2019/05/23-webscreens-minutes.html#x21

It adds a Security UI Considerations section with general guidelines on how metadata from agents should be presented to the user, and on PSK display and input. 

It also defines a "suspicious agent" as one that meets a criterion for a potential MITM attack.  The details on how to display a suspicious agent are moved to Security UI Considerations.

It also moves the description of how Instance Names should be handled into Security UI Considerations.

Finally it clarifies that any agents advertising a public key FP collision should be treated as suspicious (trusted or not) since we won't have any way to tell them apart.



See https://github.com/webscreens/openscreenprotocol/pull/197

Received on Tuesday, 27 August 2019 18:59:25 UTC