Re: HbbTV and Web origins

On 11 May 2015 at 11:38, Robin Berjon <robin@w3.org> wrote:

> On 27/04/2015 04:22 , Mark Nottingham wrote:
>
>> This summary:
>>
>> http://blog.acolyer.org/2015/04/23/from-the-aether-to-the-ethernet-attacking-the-internet-using-broadcast-digital-television/
>>
>>  of this paper:
>> http://www.cs.columbia.edu/~angelos/Papers/2014/redbutton-usenix-sec14.pdf
>>
>>  … makes for an interesting / scary read.
>>
>
> Yes, I remember when this came out. I couldn't stop laughing.
>
>> I know that W3C has been engaging with various parts of the
>> TV/broadcast community, but it seems like there's been a failure of
>> some sort here, at least based on this; violating the origin model is
>> pretty serious.
>>
>
> To the best of my knowledge there has been no discussion between HbbTV and
> the W3C on this. The paper was brought to HbbTV who apparently shrugged it
> off, so I'm not sure how much impact we would add, though.
>

I was thinking about this for a while, and I think I've noticed an
architectural principle:

Higher Growth phase -> low security
Lower Growth phase -> high security

Examples of low security I can give are:

- email (easy to spoof)
- telephone (callers are not authenticated)
- postal service (senders are not authenticated)
- HTTP

Then after the growth phase other technologies come along such as HTTPS,
caller display, registered delivery, PGP for email.

All these systems share with the web value creation via connections.

I realize the examples are anecdotal, and it doesn't imply a right or wrong
way of doing things.  But my suspicion is that security is generally too
low during the growth phase, and generally too high during the maturation
phase.


>
> --
> Robin Berjon - http://berjon.com/ - @robinberjon
>
>

Received on Monday, 11 May 2015 10:51:06 UTC