- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Thu, 24 May 2007 21:49:24 -0400
- To: michael.mccormick@wellsfargo.com
- CC: public-wsc-wg@w3.org

Given our intimate involvement in the CABForum discussion (despite not
having anything to do with VeriSign's plugin, really) I figured I'd
throw in here as well, to explain why I don't think this is a good
recommendation for our workgroup.

Firefox is a web browser, but it's based on an almost infinitely
extensible platform. This is a plus for us. But the way that platform
works means that if someone installs an add-on software package, they
are essentially re-writing their browser. This is no different than
installing any other kind of software, and the results can be just as
epic. I'll say it again, because I think it's important:

Installing an add-on is functionally identical to installing any other
software. It can manipulate the browser in arbitrary ways.

If we write a recommendation which suggests, for instance, that user
agents not allow add-ons to render security related information, we not
only do a net disservice to the web (add-ons are a great test bed for
new ideas about security, e.g. OpenID, anti-phishing toolbars, etc.) but
we create a recommendation which is basically impossible to implement.
What qualifies? How would we know?

If we write a recommendation which suggests, instead, that browsers
simply restrict add-ons' ability to alter *existing* security indicators
("add-ons can't touch the padlock" or some other "robustness" measure)
we oversimplify the problem. A Firefox add-on can replace the entire
chrome wholesale, or add new indicators which overlay the existing ones,
or any number of other things. And how do we prevent malware from
performing DLL injection or other nastiness outside of the add-on
framework? Browsers can't really police this either, much as we might
like to.

An add-on (and once again, I can only speak for Mozilla browsers here)
overlays its logic onto Firefox, and has arbitrary control. It's not
shipped with the browser, it's supplementary software voluntarily
installed by the user. As far as I can tell, we couldn't comply with a
recommendation that said otherwise.

Cheers,
Johnathan

michael.mccormick@wellsfargo.com wrote:
> As some of you know, this VeriSign announcement provoked considerable
> debate among members of the CAB Forum.
>
> Cutting out the religious feelings and political agendas that clutter
> the debate, there does seem to be a key web security display issue at stake:
>
> Should web security context displays in chrome be rendered by base
> web agent software only, or is it acceptable for plug-ins to render
> it too? If plug-ins render it, what controls need to be in place to
> ensure this doesn't become a new spoofing vector for phishing
> perpetrators?
>
> If this group is willing to tackle it, I believe this issue is probably
> in scope of the WSC charter.
>
> Mike
>
> ------------------------------------------------------------------------
> *From:* public-wsc-wg-request@w3.org
> [mailto:public-wsc-wg-request@w3.org] *On Behalf Of *McCormick, Mike
> *Sent:* Wednesday, May 23, 2007 3:22 PM
> *To:* dan.schutzer@fstc.org; sam.phillips@bankofamerica.com;
> versace@comcast.net; Chuck@Interisle.net;
> todd.inskeep@bankofamerica.com; Bob.Pinheiro@fstc.org;
> Dan.Houser@huntington.com; Tiggas, Mark; matt.barrington@wachovia.com;
> Pelton, Douglas S.; smb@cs.columbia.edu; solod@citigroup.com; Palmer,
> Pete; chris.nautiyal@fstc.org; tom.keane@wachovia.com;
> john.fricke@fstc.org; Lyman@Interisle.net; richard.a.parry@jpmchase.com;
> Stan.Szwalbenest@chase.com
> *Cc:* public-wsc-wg@w3.org
> *Subject:* FW: VeriSign offers IE7-style EV-SSL "green bar" to Firefox users
> *Importance:* Low
>
> http://www.pcmag.com/article2/0,1895,2134557,00.asp
--
Johnathan Nightingale
Human Shield
johnath@mozilla.com
Received on Friday, 25 May 2007 01:50:04 UTC