- From: Breno de Medeiros <breno@google.com>
- Date: Wed, 11 Feb 2009 18:04:23 -0800
- To: Ian Hickson <ian@hixie.ch>
- Cc: Adam Barth <w3c@adambarth.com>, Eran Hammer-Lahav <eran@hueniverse.com>, "www-talk@w3.org" <www-talk@w3.org>
- Message-ID: <29fb00360902111804n42bd864s9eaf7647645f5770@mail.gmail.com>
So the proposal is for a security considerations section that describes attendant threats and strongly hints that applications will be vulnerable if they do not adopt techniques to validate the results. It would suggest the use of content-type headers and explain what types of threats it protects against, provided that it includes caveats that this technique may not be sufficient for some applications, as well as not necessary for others that use higher-assurance approaches to directly validate the results discovered through host-meta.

I still do not think this is necessary because the threat model attending this is much broader than crossdomain.xml, and applications that rely on this will have to understand their own security needs or be necessarily vulnerable. On the other hand, I will not argue against it either.

On Wed, Feb 11, 2009 at 5:50 PM, Ian Hickson <ian@hixie.ch> wrote:
> On Wed, 11 Feb 2009, Breno de Medeiros wrote:
> >
> > My only concern is that the requirement is construed as reasonably
> > sufficient for security (which is indeed the case of crossdomain.xml,
> > but not for many intended applications). The example Adam just gave,
> > i.e., server-to-server authentication metadata being subverted by
> > uploading a file, is the type of application that I believe should
> > ideally resist full compromise of the server (e.g., by using metadata
> > signed with offline keys). So I am not necessarily opposed to it, but
> > the language needs to make it clear that this strategy serves to
> > mitigate a very specific class of threats.
>
> Agreed. I don't think anyone is saying this is the be-all and end-all of
> security, only that it is one step of many needed to have defence in
> depth.
>
> --
> Ian Hickson U+1047E )\._.,--....,'``. fL
> http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
> Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'

--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
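The content-type check the thread discusses, as an added example that is neither the thread's nor the host-meta draft's code: a client accepts a discovered host-meta document only when the server labels it with the expected media type, which raises the bar against the "upload a file" case but not against a compromised server. The expected media type `application/host-meta` and the sample responses are assumptions constructed for the example.

```python
# Added example, not code from the thread or the host-meta draft. It implements
# the mitigation under discussion: accept a host-meta discovery response only if
# the server labels it with the expected media type. An uploaded file is usually
# served as text/plain, text/html or image/*, so it fails this check; a server
# that is fully compromised can set any header, so this is one layer only.
# EXPECTED_MEDIA_TYPE is an assumption; the thread names no value.

EXPECTED_MEDIA_TYPE = "application/host-meta"  # assumed, see lead-in


def parse_content_type(header_value):
    """Split 'type/subtype; k=v; ...' into a lower-cased media type and params."""
    if not header_value:
        return None, {}
    media_type, _, rest = header_value.partition(";")
    params = {}
    for part in rest.split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            params[key.strip().lower()] = value.strip().strip('"')
    return media_type.strip().lower() or None, params


def host_meta_acceptable(status, headers, expected=EXPECTED_MEDIA_TYPE):
    """Return (accepted, reason) for one discovery response.

    headers: dict of response header names to values, any letter case.
    """
    if status != 200:
        return False, "non-200 status %d" % status
    lookup = {name.lower(): value for name, value in headers.items()}
    media_type, _params = parse_content_type(lookup.get("content-type"))
    if media_type is None:
        return False, "missing Content-Type"
    if media_type != expected:
        return False, "unexpected media type %s" % media_type
    return True, "ok"


# Constructed sample responses, as a client fetching the host-meta document
# might see them (values are made up for this example).
SAMPLE_RESPONSES = {
    "genuine": (200, {"Content-Type": "Application/Host-Meta; charset=utf-8"}),
    "uploaded_file": (200, {"Content-Type": "text/plain"}),
    "no_type": (200, {"Server": "example"}),
    "not_found": (404, {"Content-Type": "application/host-meta"}),
}


def evaluate_samples():
    """Run the check over every sample; returns {name: accepted}."""
    return {n: host_meta_acceptable(s, h)[0] for n, (s, h) in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, accepted in evaluate_samples().items():
        print(name, "accepted" if accepted else "rejected")
```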
Received on Thursday, 12 February 2009 02:14:52 UTC