Re: Secure chrome

On 26-Mar-08, at 2:43 PM, <michael.mccormick@wellsfargo.com> wrote:
> I was a little surprised to learn this morning that our early  
> concept of secure chrome never made it into the editor's draft.
>
> If it's not too late, perhaps we ought to consider some language  
> along these lines:
>
> 1. User agents MUST reserve some UI chrome that is protected for  
> agent-only use; i.e. areas fully controlled by the core agent  
> software; not modifiable by scripts, controls, or other content-  
> based mechanisms; nor via APIs published to third-party plug-ins or  
> helpers.  (But see NOTE.)
>
If people in the group feel that this kind of designated UI area has  
merit, then we should by all means discuss it. And I don't think the  
implementation decisions that Mozilla, or any other vendor, makes  
should get to dictate what the group thinks is right.

I want to be unambiguous here though: if language like this is in the  
document, Firefox will be willfully non-compliant with this spec for  
the foreseeable future.  Our extensibility is core to the objectives  
we have for the browser, and limiting it in the way suggested here  
runs counter to that.  That's really not intended to sound like any  
kind of ultimatum, I'm just trying to offer the insight I can as a  
"vendor."  The other language in the spec is structured in a way that  
we can conform to in the version we ship to users, and extensions can  
take care of themselves, but conforming with text like this would be a  
non-starter.

Cheers,

J

> 2. All agent-generated identity and security indicators MUST appear  
> in protected chrome areas.
>
> 3. User agents SHOULD provide a means to visually identify which  
> areas of chrome are protected (e.g., background color).
>
> 4. User agents SHOULD display protected chrome regardless of display  
> mode - full screen, custom skin, etc.
>
> NOTE: It is understood of course that chrome cannot be protected  
> against certain UI spoofing attacks such as picture-in-picture.
>
>
> Michael McCormick, CISSP
> Lead Security Architect, Information Security Technologies
> Wells Fargo Bank
> “THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF  
> WELLS FARGO”
>

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com

Received on Wednesday, 26 March 2008 19:17:41 UTC