W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Re: Draft finding - "Transitioning the Web to HTTPS"

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 15 Dec 2014 10:37:05 -0800
Message-ID: <CABkgnnVhtpRJwSaGXaGAQ3SNPzj_PS4SYNchJWmb188vPaih2Q@mail.gmail.com>
To: Yves Lafon <ylafon@w3.org>
Cc: Sam Ruby <rubys@intertwingly.net>, www-tag@w3.org
On 15 December 2014 at 08:11, Yves Lafon <ylafon@w3.org> wrote:
> I agree for localhost (if running on a privileged port)

Define "privileged port".  That's harder than it sounds, I'll bet.

I've always thought that it's probably OK to consider the threat model
to only include attackers that are remote, in this case.  I don't know
if we've ever really considered the threat model on the inside of a
machine.  Is that something we really need to consider?  Can the USB
device influence what is on loopback?
Received on Monday, 15 December 2014 18:37:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:08 UTC