Boris Zbarsky wrote:
Brendan Eich wrote:
One thought I had the other week is to enable privileges implicitly
based on "latent trust": site has good CA-signed cert, you've
connected with SSL, you've got a password saved for this site, you are
logged in.
Such a site could have some awesome powers, but not super-powers.

Hmm.... What if I don't want to save a password for sites? Maybe I'm
just paranoid, but saving passwords gives me the willies.

Sure, just a thought. Perhaps we could leave out the saved-password
step, or substitute some other test.
Schneier points out that people are used to taking chances handing out
their credit cards to waiters, etc. On the web, we take fewer chances
with amazon.com e-commerce. In order for web apps to have greater than
default (cripplingly low) privileges, without posting scary dialogs that
will be clicked away, it still seems to me that we can infer more than
enough trust from data the browser already keeps.

We should scrap all this and do something better. What, I'm not sure.

OK. That's about where I am. Now where do we go from here? ;)

Proposals welcome, posted here -- or wiki'd with a link posted here.
It would be good to know who has time to write a proposal, have people
shout out here so they can work together if that's appropriate.
/be
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security