Re: SVG 1.2 Comment: B.2.3 Socket Connections from Peter Sorotokin on 2004-11-04 (www-svg@w3.org from November 2004)

From: Peter Sorotokin <psorotok@adobe.com>
Date: Thu, 04 Nov 2004 09:40:26 -0800
To: Ian Hickson <ian@hixie.ch>
Cc: www-svg@w3.org
Message-id: <5.2.0.9.2.20041104091720.031c2de0@mailsj-v1.corp.adobe.com>

At 02:03 AM 11/4/2004 +0000, Ian Hickson wrote:
>On Wed, 3 Nov 2004, Peter Sorotokin wrote:
> >
> > Most secure UAs can block these connections (or require user to approve
> > it for a specific host, verify signatures, etc.). We are not imposing
> > our security model on UAs, we just outlining baseline expectations.
>
>The point is that once you've implemented this securely, it becomes less
>useful than URLRequest, since it can only access HTTP ports, but doesn't
>do HTTP. It seems bad to have a feature that is only useful if implemented
>in insecure ways.

UA might provide security setting (enable/disable non-HTTP port access 
etc., possibly on server basis). UA might choose to block only certain 
ports and not others. You presume that disabling port access is the only 
sensible solution - it is not. Moreover, port-based security is really just 
a quick-and-dirty hack that is going to backfire. We already see people 
abusing port 80 for whole bunch of non-HTTP-related stuff and even sticking 
there something which is not HTTP server at all. There will come schemes 
exploiting that abuse. Some people think that tunneling RPC through HTTP is 
somehow inherently more secure than doing it through regular RPC port (if 
everything else is equal) - it is not. Just wait until someone puts up a 
Web Service that interfaces with mailserver and someone else finds a hole 
into it - and we are on the square one.

>If the use case is only for secured networks, then it shouldn't be in a
>W3C spec (W3C specs being, by definition, designed for the Web).

You seem to say that since there are a lot of security holes on the web, 
there should not be any APIs that potentially allow exploitation of these 
holes. I suggest the problem is in security holes themselves. There is 
nothing magic about HTTP ports that only they should be open and there are 
no problems in most other ports (indeed the problems that you outline seems 
to be  specifically for SMTP port because of the ancient SMTP design).

Peter

>--
>Ian Hickson               U+1047E                )\._.,--....,'``.    fL
>http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
>Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Thursday, 4 November 2004 17:40:35 UTC