ome privilege, but given the user has chosen to
> buy the vendor's device, I think that's fair. Judgement call again.
>
I certainly agree that this would be better than not allowing third parties
to access devices
at all. I would be more enthusiastic about it if:
(1) There was a simpl
On Mon, Dec 14, 2015 at 11:09 PM, Eric Rescorla wrote:
> This is certainly something one could consider, but it it seems like it
> confers a major
> advantage on the vendor vis-a-vis everyone else. If we're going to have an
> add-on
> mechanism, I don't see why vendors can't use it too.
>
I thin
On Mon, Dec 14, 2015 at 8:02 PM, Robert O'Callahan
wrote:
> On Mon, Dec 14, 2015 at 9:29 PM, Eric Rescorla wrote:
>
>> On Thu, Dec 10, 2015 at 1:36 AM, Martin Thomson wrote:
>>
>>> On Thu, Dec 10, 2015 at 5:17 PM, Robert O'Callahan
>>> wrote:
>>> > On Fri, Dec 4, 2015 at 4:56 PM, Eric Rescorla
On Mon, Dec 14, 2015 at 9:29 PM, Eric Rescorla wrote:
> On Thu, Dec 10, 2015 at 1:36 AM, Martin Thomson wrote:
>
>> On Thu, Dec 10, 2015 at 5:17 PM, Robert O'Callahan
>> wrote:
>> > On Fri, Dec 4, 2015 at 4:56 PM, Eric Rescorla wrote:
>> >
>> >> (4) Have the APIs hidden behind access controls
On Thu, Dec 10, 2015 at 1:36 AM, Martin Thomson wrote:
> On Thu, Dec 10, 2015 at 5:17 PM, Robert O'Callahan
> wrote:
> > On Fri, Dec 4, 2015 at 4:56 PM, Eric Rescorla wrote:
> >
> >> (4) Have the APIs hidden behind access controls that need to be enabled
> by
> >> an extension
> >> (but a trivi
On Wed, Dec 9, 2015 at 4:55 PM, Tim Guan-tin Chien wrote:
> On Fri, Dec 4, 2015 at 7:01 PM, Robert O'Callahan
> wrote:
>>
>> On Fri, Dec 4, 2015 at 2:43 PM, Eric Rescorla wrote:
>>
>> >
>> > Sure. Conversely, I don't find myself convinced by your position.
>> >
>> > Would be happy to talk about
On Thu, Dec 10, 2015 at 5:17 PM, Robert O'Callahan wrote:
> On Fri, Dec 4, 2015 at 4:56 PM, Eric Rescorla wrote:
>
>> (4) Have the APIs hidden behind access controls that need to be enabled by
>> an extension
>> (but a trivial one). Perhaps you think this is #2.
>>
>
> I realized I don't understa
On Fri, Dec 4, 2015 at 4:56 PM, Eric Rescorla wrote:
> (4) Have the APIs hidden behind access controls that need to be enabled by
> an extension
> (but a trivial one). Perhaps you think this is #2.
>
I realized I don't understand exactly what this means.
I assume "extension" means a privileged
On Fri, Dec 4, 2015 at 7:01 PM, Robert O'Callahan wrote:
>
> On Fri, Dec 4, 2015 at 2:43 PM, Eric Rescorla wrote:
>
> >
> > Sure. Conversely, I don't find myself convinced by your position.
> >
> > Would be happy to talk about this live if you think that's useful.
> >
>
> Probably not ... these a
On Thursday, December 3, 2015 at 11:49:32 PM UTC-8, Jonas Sicking wrote:
> On Wed, Dec 2, 2015 at 2:13 PM, Robert O'Callahan wrote:
> > 1) What I suggested: Whitelist vendor origins for access to their devices
> > and have vendor-hosted pages ("Web drivers"?) expose "safe" API to
> > third-party a
On Fri, Dec 4, 2015 at 10:56 PM, Eric Rescorla wrote:
>
>
> Color me unconvinced. One of the major difficulties with consumer
> electronics devices
> that are nominally connectable to your computer is that the vendors do a
> bad job
> of making it possible for third party vendors to talk to them.
On Fri, Dec 4, 2015 at 2:43 PM, Eric Rescorla wrote:
>
> Sure. Conversely, I don't find myself convinced by your position.
>
> Would be happy to talk about this live if you think that's useful.
>
Probably not ... these are judgement calls that are difficult to resolve.
Rob
--
lbir ye,ea yer.tn
r
On Fri, Dec 4, 2015 at 2:25 PM, Robert O'Callahan
wrote:
> On Fri, Dec 4, 2015 at 1:56 PM, Eric Rescorla wrote:
>
>> On Wed, Dec 2, 2015 at 2:13 PM, Robert O'Callahan
>> wrote:
>>
>>> There are three possible approaches I can see to expose USB devices to
>>> third-party applications:
>>> 1)
On Fri, Dec 4, 2015 at 1:56 PM, Eric Rescorla wrote:
> On Wed, Dec 2, 2015 at 2:13 PM, Robert O'Callahan
> wrote:
>
>> There are three possible approaches I can see to expose USB devices to
>> third-party applications:
>> 1) What I suggested: Whitelist vendor origins for access to their devices
On Wed, Dec 2, 2015 at 2:13 PM, Robert O'Callahan
wrote:
> On Wed, Dec 2, 2015 at 10:00 AM, Eric Rescorla wrote:
>
>> On Wed, Dec 2, 2015 at 9:53 AM, Robert O'Callahan
>> wrote:
>>
>> I'd really like to see WebUSB with USB device IDs are bound to
On Fri, Dec 4, 2015 at 8:04 PM, Robert O'Callahan wrote:
> However, for USB the "Web driver" approach seems better than that, to me.
> It makes it easy to update the vendor library to fix security bugs and
> update the API. If the Web API is baked into the device firmware that's a
> lot harder.
T
On Thu, Dec 3, 2015 at 11:48 PM, Jonas Sicking wrote:
> On Wed, Dec 2, 2015 at 2:13 PM, Robert O'Callahan
> wrote:
> > 1) What I suggested: Whitelist vendor origins for access to their devices
> > and have vendor-hosted pages ("Web drivers"?) expose "safe" API to
> > third-party applications.
>
On Wed, Dec 2, 2015 at 2:13 PM, Robert O'Callahan wrote:
> 1) What I suggested: Whitelist vendor origins for access to their devices
> and have vendor-hosted pages ("Web drivers"?) expose "safe" API to
> third-party applications.
> 2) Design a permissions API that one way or another lets users aut
On Wed, Dec 2, 2015 at 10:00 AM, Eric Rescorla wrote:
> On Wed, Dec 2, 2015 at 9:53 AM, Robert O'Callahan
> wrote:
>
> I'd really like to see WebUSB with USB device IDs are bound to specific
>> origins (through a registry for legacy devices and through the USB proto
19 matches
Mail list logo