Hi Jonathan In the short and medium terms, it scales better than a white list and distributes the effort of finding APIs misuses. Mozilla and other vendor browser could still review the code of the site and add its vote in favour or against the Web property.
In the long term, the system would help finding new security threats such a tracking or fingerprinting algorithms by encouraging the honest report of evidences, somehow. With this system, the threat is considered the result of both potential risk and chances of actual misuse. The revocation protocol reduces threatening situations by minimising the number of Web properties abusing the APIs. As a side effect, it provides the infrastructure for a real distributed and cross browser database which can be of utility for other unforeseen uses. What do you think? El 8 mar. 2017 10:54 p. m., "Jonathan Kingston" <jkings...@mozilla.com> escribió: Hey, What would be the advantage of using this over the safesite list? Obviously there would be less broken sites on the web as we would be permitting the site to still be viewed by the user rather than just revoking the permission but are there other advantages? On Sun, Mar 5, 2017 at 4:23 PM, Salvador de la Puente < sdelapue...@mozilla.com> wrote: > Hi, folks. > > Some time ago, I've started to think about an idea to experiment with new > powerful Web APIs: a sort of "deceptive site" database for harmful uses of > browsers APIs. I've been curating that idea and come up with the concept of > a "revocation protocol" to revoke user granted permissions for origins > abusing those APIs. > > I published the idea on GitHub [1] and I was wondering about the utility > and feasibility of such a system so I would thank any feedback you want to > provide. > > I hope it will be of interest for you. > > [1] https://github.com/delapuente/revocation-protocol > > -- > <salva /> > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
