Ah, sorry for not being too straightforward Erik. The answer is no (as far as the API design goes, but the implementation should follow that ofc)
There is actually a very nice image explaining this on our messageboard, but I'm on my phone so I'll do my best to explain this with a similar example. When you use a Mouse, the OS provides APIs for a mouse, independent of the connection type (ps2, Bluetooth, serial, USB or other). The OS & drivers make it show up as a mouse. Similarly, when you have a serial port (the OS recognizes this device as a serial port), the OS provides a set of APIs to talk to that (open, close, read & write), regardless of the underlying physical connection. The WebSerial API proposes the exposure of those APIs (but not the underlying ones, so no way to talk to the USB stack) to the web. I hope this makes things more clear? Vasilis > On 14 Jul 2014, at 16:46, Eric Rescorla <e...@rtfm.com> wrote: > > > > >> On Mon, Jul 14, 2014 at 4:22 AM, <tzi...@gmail.com> wrote: >> On Monday, July 14, 2014 2:00:47 PM UTC+3, Gervase Markham wrote: >> > On 13/07/14 18:35, Vasilis wrote: >> > >> > > Jonas, I would be really interested in your thoughts. Try as we might >> > >> > > (in the WebSerial API docs, at least), noone could actually think of >> > >> > > a use case where providing access to a physical (RS232), or Virtual >> > >> > > (VirtualUSB or VirtualBluetooth) serial port could be a privacy >> > >> > > and/or security issue. >> > >> > > >> > >> > > It's a whole different beast when you provide access for cameras or >> > >> > > any USB device, of course, but what could someone do with access to a >> > >> > > serial port? >> > >> > >> > >> > The WebSerial interface doesn't cover the Universal Serial Bus, then? >> > >> > >> > >> > For USB, the OS has some underlying knowledge of what the device is, >> > >> > right? So we could do permissions for USB on a per-device rather than >> > >> > per-port basis, which is the right way to do it IMO. But AFAIK that's >> > >> > not possible for RS232. >> > >> > >> > >> > Gerv >> >> Which is the kind of exaggerated security for no real purpose that I >> mentioned. >> >> The three major OSes give you APIs to access any Serial-Port-like device >> (physical or virtual) in a straightforward manner, because, for all intents >> and purposes, those are Serial ports. Trying to go around this and map >> devices with ports ranges from hard (USB, Bluetooth) to impossible (RS232) > > I still don't think I understand your answer here. Will this API allow me to > directly address USB devices? To take a concrete case, say that I have > a USB printer, will I be able to use this API (subject to user consent) > to talk to it directly and print documentS? > > -Ekr > > >> I do agree with Kip, some Serial devices are important and/or dangerous, but >> do we really want to set the security of this based on the idea that someone >> from a government agency and/or industrial plan will use the power plant's >> controlling computer to: >> 1. Plug in a serial device, like an Arduino >> 2. Access the Internet >> 3. Go to a nefarious website >> 4. Give access to the PLC, and kaboom. >> >> Isn't that a little too much paranoia? Should we have restricted the Camera >> API because someone could have used it on a computer with a spycam, thus >> leaking goverment info and starting WW3? > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
