On Wed, Dec 2, 2015 at 9:53 AM, Robert O'Callahan <rob...@ocallahan.org> wrote:
> On Wed, Dec 2, 2015 at 9:37 AM, Eric Rescorla <e...@rtfm.com> wrote: > >> Are you thinking of something like WebUSB? >> (https://reillyeon.github.io/webusb/)? This is something we've looked at >> a bit but we're still trying to wrap our heads around the security >> implications. >> > > Where are we discussing that? > Richard and I have discussed it privately and had some offline interactions with the authors. IIRC I made some comments on one of the bugs and on some mailing list a while ago. > I'd really like to see WebUSB with USB device IDs are bound to specific > origins (through a registry for legacy devices and through the USB protocol > extensions defined in that spec) so that vendors can host apps that access > their devices --- and so that vendor pages in an <iframe> can define and > vend "safe" APIs to any third-party application. > This seems to be roughly the API contemplated by the WebUSB spec. To be honest, I'm not very excited about that design. Having a system where the only people who can talk to USB device X are the manufacturers and the browser is just a conduit for that interaction doesn't really seem that great for the Open Web. -Ekr _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
