- From: Mikko Rantalainen <mikko.rantalainen@peda.net>
- Date: Tue, 07 Dec 2010 14:16:14 +0200
2010-12-01 21:43 EEST: Aryeh Gregor:
> On Tue, Nov 30, 2010 at 6:15 PM, Ian Hickson <ian at hixie.ch> wrote:
>> It cannot, and should not. It's a user concern. If as a user I want all
>> data that you send me to be printed unencrypted and dropped out of my
>> office window for anyone to read, then I should be allowed to do that. :-)
>
> It's legitimate for an organization to require people to handle data
> in a certain way if they want web access to it. For instance, a
> company could reasonably require that if users want to work from home,
> they have to obey certain security practices to avoid leaking private
> data -- e.g., information about the company's clients or users that
> might be protected by privacy laws or company privacy policies.

[...]

If a company or any other entity deals with data that must not be leaked, they definitely should not allow any random (home or other) workstation to access the data. Either the user using the workstation is able to decide by himself that the workstation is secure enough, or the user cannot use the workstation for secure stuff at all.

Even if we had a hypothetical "secure" workstation that is based on a signed binary executed by the BIOS (or some other firmware boot method), and that binary will only execute other signed binaries, the workstation cannot be guaranteed to be safe. If the user cannot inspect that the hardware has not been tampered with, there's no way to make sure that the environment is safe. (There could be an extra hardware component that makes the hardware unsafe - for example, a hardware keylogger inserted between the keyboard and the keyboard connector, extra hardware soldered on the motherboard that interferes with the memory bus to hack the hardware, or something more obscure. See Xbox 360 hacking for an example.) In addition to these major issues, there's still the minor(?) issue of bugs in the software. See security vulnerabilities in software for examples.
In the end, my point is that there's absolutely nothing a UA could do to verify that the environment is safe. If somebody claims to do anything else, beware, he's trying to sell you some snake oil.

-- 
Mikko
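The signed boot chain sketched in the message (firmware runs a signed binary, which in turn runs only signed binaries) is easy to simulate, and the simulation makes the trust boundary visible. The following is an added example, not code from the thread or from any WHATWG project: a constructed chain of three stages where each image is checked before execution, and the list of measurements a verifier would receive afterwards. The root key, stage names and image bytes are all constructed for the example, and an HMAC stands in for the asymmetric signature a real firmware would verify, purely so the code runs on the standard library alone. The point the email makes shows up directly: a modified kernel image halts the boot, but the measurement list only ever describes software that was measured, so anything outside that set (a keyboard-cable device, extra silicon on the board) is not something the chain can see or report on.

```python
import hashlib
import hmac

# Constructed root key. Real secure boot anchors on a public key burned into
# firmware; an HMAC key is used here only so the example has no dependencies.
ROOT_KEY = b"constructed-example-root-key"


def sign(image: bytes) -> bytes:
    """Stand-in for signing a stage image with the root key (constructed)."""
    return hmac.new(ROOT_KEY, image, hashlib.sha256).digest()


def verify(image: bytes, signature: bytes) -> bool:
    """Constant-time check of a stage image against its signature."""
    return hmac.compare_digest(sign(image), signature)


def build_chain():
    """Constructed boot chain: bootloader -> kernel -> user agent.

    Each element is (stage name, image bytes, signature over the image).
    """
    stages = [
        ("bootloader", b"bootloader v1"),
        ("kernel", b"kernel v1"),
        ("user-agent", b"browser v1"),
    ]
    return [(name, image, sign(image)) for name, image in stages]


def tamper(chain, stage_name: str, new_image: bytes):
    """Return a copy of the chain with one stage's image replaced.

    The old signature is kept, which is what an attacker without the root
    key is limited to: the image changes, the signature cannot be regenerated.
    """
    return [
        (name, new_image if name == stage_name else image, signature)
        for name, image, signature in chain
    ]


def boot(chain):
    """Execute the chain stage by stage, refusing any stage whose signature fails.

    Returns (executed stage names, measurement log, status string). The
    measurement log is the only thing a verifier learns about the machine.
    """
    executed = []
    measurements = []
    for name, image, signature in chain:
        if not verify(image, signature):
            return executed, measurements, f"halt: {name} failed signature check"
        executed.append(name)
        # Record the hash of what actually ran, as a measured boot would.
        measurements.append((name, hashlib.sha256(image).hexdigest()))
    return executed, measurements, "ok"


def measured_components(chain):
    """Names of everything the chain can vouch for: the measured software only."""
    _, measurements, _ = boot(chain)
    return [name for name, _ in measurements]


if __name__ == "__main__":
    good = build_chain()
    print(boot(good)[2])                     # ok
    bad = tamper(good, "kernel", b"kernel v1 + rootkit")
    print(boot(bad)[2])                      # halt: kernel failed signature check
    # A keyboard-cable logger is hardware; it is never in the measured set.
    print("hardware-keylogger" in measured_components(good))  # False
```

The useful question to ask of any attestation scheme is the one the last line asks: what is the set of components the measurement actually covers, and what lives outside it.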
Received on Tuesday, 7 December 2010 04:16:14 UTC