- From: Peter Sorotokin <psorotok@adobe.com>
- Date: Thu, 04 Nov 2004 09:40:26 -0800
- To: Ian Hickson <ian@hixie.ch>
- Cc: www-svg@w3.org
At 02:03 AM 11/4/2004 +0000, Ian Hickson wrote:

>On Wed, 3 Nov 2004, Peter Sorotokin wrote:
>>
>> Most secure UAs can block these connections (or require the user to approve
>> it for a specific host, verify signatures, etc.). We are not imposing
>> our security model on UAs, we are just outlining baseline expectations.
>
>The point is that once you've implemented this securely, it becomes less
>useful than URLRequest, since it can only access HTTP ports, but doesn't
>do HTTP. It seems bad to have a feature that is only useful if implemented
>in insecure ways.

A UA might provide security settings (enable/disable non-HTTP port access, etc., possibly on a per-server basis). A UA might choose to block only certain ports and not others. You presume that disabling port access is the only sensible solution; it is not.

Moreover, port-based security is really just a quick-and-dirty hack that is going to backfire. We already see people abusing port 80 for a whole bunch of non-HTTP-related stuff and even sticking there something which is not an HTTP server at all. There will come schemes exploiting that abuse. Some people think that tunneling RPC through HTTP is somehow inherently more secure than doing it through a regular RPC port (if everything else is equal); it is not. Just wait until someone puts up a Web Service that interfaces with a mail server and someone else finds a hole in it, and we are back at square one.

>If the use case is only for secured networks, then it shouldn't be in a
>W3C spec (W3C specs being, by definition, designed for the Web).

You seem to say that since there are a lot of security holes on the web, there should not be any APIs that potentially allow exploitation of these holes. I suggest the problem is in the security holes themselves. There is nothing magic about HTTP ports such that only they should be open and there are no problems with most other ports (indeed the problems that you outline seem to be specific to the SMTP port because of the ancient SMTP design).
Peter

>--
>Ian Hickson                                      U+1047E                )\._.,--....,'``.    fL
>http://ln.hixie.ch/                              U+263A                 /, _.. \ _\  ;`._ ,.
>Things that are impossible just take longer.                         `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 4 November 2004 17:40:35 UTC
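The kind of UA-side policy the message sketches (a global enable/disable switch for non-HTTP ports, per-server exceptions, and blocking only certain ports) can be written down as a small decision function. The code below is an added illustration, not code from the thread, from SVG 1.2, or from any browser; the port lists, the host names and the precedence rules (explicit per-host deny, then per-host allow, then the baseline blocklist, then HTTP ports, then the global or per-host non-HTTP switch, else prompt the user) are all assumptions chosen to show the mechanism. Only SMTP (port 25) is named in the thread; the other blocked ports are assumed examples.

```python
"""Port-and-host connection policy for a user-agent socket API (illustration only)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, FrozenSet, Optional


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    PROMPT = "prompt"   # ask the user before opening the connection


# Ports the baseline refuses regardless of host. SMTP (25) is the case the
# thread discusses; the rest are assumed examples of text protocols that a raw
# socket from untrusted content could drive with a hand-built request.
DEFAULT_BLOCKED_PORTS: FrozenSet[int] = frozenset({21, 23, 25, 110, 143, 465, 587})

# Ports the baseline treats as "HTTP ports" (assumed list).
HTTP_PORTS: FrozenSet[int] = frozenset({80, 443})


@dataclass(frozen=True)
class HostPolicy:
    """Per-host overrides, e.g. configured by an admin for an intranet server."""
    allowed_ports: FrozenSet[int] = frozenset()
    denied_ports: FrozenSet[int] = frozenset()
    allow_non_http: bool = False


@dataclass
class SocketPolicy:
    """Baseline UA policy plus optional per-host exceptions."""
    allow_non_http_ports: bool = False            # the global enable/disable switch
    blocked_ports: FrozenSet[int] = DEFAULT_BLOCKED_PORTS
    per_host: Dict[str, HostPolicy] = field(default_factory=dict)

    def decide(self, host: str, port: int) -> Decision:
        if not 0 < port < 65536:
            return Decision.DENY
        hp: Optional[HostPolicy] = self.per_host.get(host.lower())
        # An explicit per-host deny beats everything else: the admin may know
        # that what listens on this port is not what the port number suggests.
        if hp is not None and port in hp.denied_ports:
            return Decision.DENY
        # An explicit per-host allow is the admin taking responsibility for it.
        if hp is not None and port in hp.allowed_ports:
            return Decision.ALLOW
        # Baseline blocklist: refused for every host not explicitly excepted.
        if port in self.blocked_ports:
            return Decision.DENY
        if port in HTTP_PORTS:
            return Decision.ALLOW
        # Remaining non-HTTP ports: allowed only if enabled globally or for
        # this host; otherwise leave the decision to the user.
        if self.allow_non_http_ports or (hp is not None and hp.allow_non_http):
            return Decision.ALLOW
        return Decision.PROMPT


def demo() -> Dict[str, str]:
    """Evaluate a constructed set of connection requests against a sample policy."""
    policy = SocketPolicy(per_host={
        # Assumed intranet host: one extra port allowed, other non-HTTP ports enabled.
        "intranet.example": HostPolicy(allowed_ports=frozenset({5222}), allow_non_http=True),
        # Assumed host whose port 80 the admin knows is not an HTTP server.
        "mail.example": HostPolicy(denied_ports=frozenset({80})),
    })
    requests = [
        ("www.example", 80), ("www.example", 25), ("www.example", 5222),
        ("intranet.example", 5222), ("intranet.example", 9000),
        ("intranet.example", 25), ("mail.example", 80),
    ]
    return {f"{h}:{p}": policy.decide(h, p).value for h, p in requests}


if __name__ == "__main__":
    for target, verdict in demo().items():
        print(f"{target:24} {verdict}")
```

Note that the evaluator only ever sees a host and a port number; as the message points out, it cannot tell whether the thing listening on port 80 speaks HTTP, which is why the per-host deny override exists in this sketch.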