Re: [webkit-dev] Proposed feature: Network Service Discovery
On Aug 30, 2013, at 9:15 AM, Brendan Long s...@brendanlong.com wrote: On 08/29/2013 05:45 PM, Benjamin Poulain wrote: Can you explain a bit what it is for? What are the common use cases? This would be useful for certain kinds of web apps. For example,a music website like Pandora or Spotify could allow users to include music on their local network. Or a service like Netflix could include local network movies (on networked hard drives, or DVR's) in their search results, and play them from the same interface. Here's my concern - if you say a service like x might want to search for something, that is better described as a random website. That may be something the user wants, alternatively it could be something evil. It could also be something evil embedded in an ad on the site a user trusts. My concern here is that as a web spec this essentially acts as a way for arbitrary web content from any source to perform a network scan of your local machine and get data about your internal network topology and services from inside your firewall. That's a really scary concept to me. --Oliver ___ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
Re: [webkit-dev] Proposed feature: Network Service Discovery
On 08/29/2013 05:45 PM, Benjamin Poulain wrote: Can you explain a bit what it is for? What are the common use cases? This would be useful for certain kinds of web apps. For example,a music website like Pandora or Spotify could allow users to include music on their local network. Or a service like Netflix could include local network movies (on networked hard drives, or DVR's) in their search results, and play them from the same interface. Or use-case is to make a media center UI entirely in HTML5 (huge portability benefits), and to allow that UI to discovery local DLNA HTML5 Remote UI's (I'd love to put a link to what this is, but the spec isn't public and the best link is our own page http://html5.cablelabs.com/dlna-rui/index.html about it). The use-cases would probably be more interesting if browsers were able to advertise themselves, but that's not part of this spec unfortunately. I suspect that Firefox would be interested, since it fits into the Firefox OS idea, but it looks like no one has really talked to them about it yet. Who already implements it? Opera supports it http://dev.opera.com/articles/view/network-service-discovery-api-support-in-opera/ (it looks like an experimental build though). This person http://jcdufourd.wp.mines-telecom.fr/2013/05/15/network-service-discovery-api/ made a Java applet to add support to existing browsers. There's a thread on the Chromium mailing list https://groups.google.com/a/chromium.org/forum/#%21topic/blink-dev/HT0KZKuTLxM about this. It sounds like they're planning to update the spec before implementing it though, since there's some strange requirements for garbage collection and they want to do a review of the security and privacy implications. mark a. foltz said, Adam, Thanks for your feedback. (I'm working with Justin on this.) I'll summarize our response and plan. (1) Agreed that a longer discussion of the security and privacy implications of the API is warranted. Rich posted a section to the spec [1] that is a good starting point; I plan on working with the editors on minimizing the opportunities for harm, and minimizing the ability to fingerprint users of the API, which was brought up by the Chrome privacy team. (2) Rich posted an update to the spec to address the language around garbage collection. https://dvcs.w3.org/hg/dap/diff/b4b2569b4e9b/discovery-api/Overview.src.html https://dvcs.w3.org/hg/dap/diff/b4b2569b4e9b/discovery-api/Overview.src.html (3) I reviewed the last several months of list traffic and, to my ability to scan, haven't seen comments or commitment from other browser vendors. I'll let Rich fill in if there are any updates here. I think an effort to evangelize and get additional participation will be helpful to the spec as a whole. Given the current set of feedback, we plan on working with the spec editors and coming back when we feel it is ready to implement. signature.asc Description: OpenPGP digital signature ___ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
Re: [webkit-dev] Proposed feature: Network Service Discovery
On 08/29/2013 09:37 PM, Sam Weinig wrote: I don't think this belongs in WebKit, as this doesn't seem like it would ever be appropriate to expose to the Web at large. I recommend trying to find a way to layer this on top of WebKit if it is something you need to support. While our use-case is definitely possible to implement outside of WebKit, I think the spec is useful for some kinds of applications. Right now, that's mainly media-related websites, which could benefit from access to local music and videos. Even if this API was only available to privileged apps (locally installed apps, from the app store for example), it would be a benefit to app developers, because they wouldn't need to use platform-specific API's. signature.asc Description: OpenPGP digital signature ___ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
Re: [webkit-dev] Proposed feature: Network Service Discovery
On 08/30/2013 11:06 AM, Oliver Hunt wrote: Here's my concern - if you say a service like x might want to search for something, that is better described as a random website. That may be something the user wants, alternatively it could be something evil. It could also be something evil embedded in an ad on the site a user trusts. My concern here is that as a web spec this essentially acts as a way for arbitrary web content from any source to perform a network scan of your local machine and get data about your internal network topology and services from inside your firewall. That's a really scary concept to me. This would require permission from the user, but it's definitely a valid concern that: * Users frequently ok on any popup, so maybe that's not good enough. * This could be pretty scary, combined with cross-site scripting attacks (or advertising). Would this be useful in WebKit if it was only enabled for apps with special privileges (HTML apps from the app store, for example)? signature.asc Description: OpenPGP digital signature ___ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
Re: [webkit-dev] Proposed feature: Network Service Discovery
On Fri, Aug 30, 2013 at 10:06 AM, Oliver Hunt oli...@apple.com wrote: On Aug 30, 2013, at 9:15 AM, Brendan Long s...@brendanlong.com wrote: On 08/29/2013 05:45 PM, Benjamin Poulain wrote: Can you explain a bit what it is for? What are the common use cases? This would be useful for certain kinds of web apps. For example,a music website like Pandora or Spotify could allow users to include music on their local network. Or a service like Netflix could include local network movies (on networked hard drives, or DVR's) in their search results, and play them from the same interface. Here's my concern - if you say a service like x might want to search for something, that is better described as a random website. That may be something the user wants, alternatively it could be something evil. It could also be something evil embedded in an ad on the site a user trusts. My concern here is that as a web spec this essentially acts as a way for arbitrary web content from any source to perform a network scan of your local machine and get data about your internal network topology and services from inside your firewall. That's a really scary concept to me. While there are certainly security concerns that need to be clearly thought through and addressed, the spec isn't as broad as you make it sound. It picks up services that are advertising themselves, after all; you can't probe. (Unless you've noticed something in the spec I haven't; I've scanned the spec, but not read it super-carefully). Another use case for this is for devices like AppleTVs and ChromeCast ... receivers advertise themselves on the local network, and the browser (and browser-based apps) can identify available receivers that you can send media to. The draft does contain the sentence Web pages should not be able to communicate with Local-networked Services that have not been authorized by the user thereby maintaining the user's privacy in the use cases section; this should definite be emphasized and fleshed out, in a security section. -- Dirk ___ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
Re: [webkit-dev] Proposed feature: Network Service Discovery
On Aug 30, 2013, at 12:44 PM, Dirk Pranke dpra...@chromium.org wrote: On Fri, Aug 30, 2013 at 10:06 AM, Oliver Hunt oli...@apple.com wrote: On Aug 30, 2013, at 9:15 AM, Brendan Long s...@brendanlong.com wrote: On 08/29/2013 05:45 PM, Benjamin Poulain wrote: Can you explain a bit what it is for? What are the common use cases? This would be useful for certain kinds of web apps. For example,a music website like Pandora or Spotify could allow users to include music on their local network. Or a service like Netflix could include local network movies (on networked hard drives, or DVR's) in their search results, and play them from the same interface. Here's my concern - if you say a service like x might want to search for something, that is better described as a random website. That may be something the user wants, alternatively it could be something evil. It could also be something evil embedded in an ad on the site a user trusts. My concern here is that as a web spec this essentially acts as a way for arbitrary web content from any source to perform a network scan of your local machine and get data about your internal network topology and services from inside your firewall. That's a really scary concept to me. While there are certainly security concerns that need to be clearly thought through and addressed, the spec isn't as broad as you make it sound. It picks up services that are advertising themselves, after all; you can't probe. (Unless you've noticed something in the spec I haven't; I've scanned the spec, but not read it super-carefully). Define advertise? Bonjour like? UPnP? The draft does contain the sentence Web pages should not be able to communicate with Local-networked Services that have not been authorized by the user thereby maintaining the user's privacy in the use cases section; this should definite be emphasized and fleshed out, in a security section. How does the user know what they're doing? If there's an ad/unescaped comment containing something malicious should a remote site be able to know what services you have in your internal network? -- Dirk ___ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
Re: [webkit-dev] Proposed feature: Network Service Discovery
On Fri, Aug 30, 2013 at 3:48 PM, Oliver Hunt oli...@apple.com wrote: On Aug 30, 2013, at 12:44 PM, Dirk Pranke dpra...@chromium.org wrote: On Fri, Aug 30, 2013 at 10:06 AM, Oliver Hunt oli...@apple.com wrote: On Aug 30, 2013, at 9:15 AM, Brendan Long s...@brendanlong.com wrote: On 08/29/2013 05:45 PM, Benjamin Poulain wrote: Can you explain a bit what it is for? What are the common use cases? This would be useful for certain kinds of web apps. For example,a music website like Pandora or Spotify could allow users to include music on their local network. Or a service like Netflix could include local network movies (on networked hard drives, or DVR's) in their search results, and play them from the same interface. Here's my concern - if you say a service like x might want to search for something, that is better described as a random website. That may be something the user wants, alternatively it could be something evil. It could also be something evil embedded in an ad on the site a user trusts. My concern here is that as a web spec this essentially acts as a way for arbitrary web content from any source to perform a network scan of your local machine and get data about your internal network topology and services from inside your firewall. That's a really scary concept to me. While there are certainly security concerns that need to be clearly thought through and addressed, the spec isn't as broad as you make it sound. It picks up services that are advertising themselves, after all; you can't probe. (Unless you've noticed something in the spec I haven't; I've scanned the spec, but not read it super-carefully). Define advertise? Bonjour like? UPnP? Yes (the spec explicitly lists zeroconf, upnp, and dial). The draft does contain the sentence Web pages should not be able to communicate with Local-networked Services that have not been authorized by the user thereby maintaining the user's privacy in the use cases section; this should definite be emphasized and fleshed out, in a security section. How does the user know what they're doing? If there's an ad/unescaped comment containing something malicious should a remote site be able to know what services you have in your internal network? I'm not sure I understand your question, but I'm talking about the user having to opt-in to disclosing services, similar to the opt-ins we do for geolocation, media capture, local files, etc., e.g., Spotify would like to know if you have any local media receivers, etc. ... -- Dirk ___ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev