- From: Hallvord R M Steen <hallvors@gmail.com>
- Date: Thu, 29 Jun 2006 00:50:49 +0200
On 26/06/06, Ian Hickson <ian at hixie.ch> wrote:
> On Mon, 26 Jun 2006, Gervase Markham wrote:
> > >
> > > interface StorageItem {
> > >   attribute boolean secure;
> > >   attribute DOMString value;
> > > };
> >
> > I would like to suggest that the "secure" attribute be an integer rather
> > than a boolean, initially with 0 meaning insecure, and 1 meaning secure.
> >
> > So, for example, you could have StorageItems which were only returned if
> > the page on the site was secured with a new EV cert, and was not
> > accessible to pages which had an ordinary cert or no cert.
>
> Is it ever possible to get an "ordinary cert" which claims to identify
> some domain, but which was not purchased by the owners of that domain?

Depends on your definition of "ordinary" - what about self-signed
certificates, or certificate chains that do not resolve to a known root
certificate? A very security-conscious application author might want to
be able to limit access to stored data only to certificates that are 100%
kosher, so that even if the UA warns the user about a certificate problem
and the user accepts it, stored information isn't made available.

> The
> only reason for the "secure" attribute is to avoid DNS spoofing; the flag
> has two values -- allow DNS to be spoofed and return the item whether or
> not the site was spoofed, and only return the item if the site's
> certificate matched the domain name of the site.

In that case perhaps a bit more prose listing a few other scenarios UAs
should limit access to stored info would do, such as ?

--
Hallvord R. M. Steen
Received on Wednesday, 28 June 2006 15:50:49 UTC