On Fri, Aug 30, 2013 at 3:48 PM, Oliver Hunt <oli...@apple.com> wrote:
> > On Aug 30, 2013, at 12:44 PM, Dirk Pranke <dpra...@chromium.org> wrote: > > On Fri, Aug 30, 2013 at 10:06 AM, Oliver Hunt <oli...@apple.com> wrote: > >> >> On Aug 30, 2013, at 9:15 AM, Brendan Long <s...@brendanlong.com> wrote: >> >> > On 08/29/2013 05:45 PM, Benjamin Poulain wrote: >> >> Can you explain a bit what it is for? What are the common use cases? >> > This would be useful for certain kinds of web apps. For example,a music >> website like Pandora or Spotify could allow users to include music on their >> local network. Or a service like Netflix could include local network movies >> (on networked hard drives, or DVR's) in their search results, and play them >> from the same interface. >> Here's my concern - if you say "a service like <x>" might want to search >> for something, that is better described as "a random website". That may be >> something the user wants, alternatively it could be something evil. It >> could also be something evil embedded in an ad on the site a user "trusts". >> >> My concern here is that as a web spec this essentially acts as a way for >> arbitrary web content from any source to perform a network scan of your >> local machine and get data about your internal network topology and >> services from inside your firewall. That's a really scary concept to me. >> > > While there are certainly security concerns that need to be clearly > thought through and addressed, the spec isn't as broad as you make it > sound. It picks up services that are advertising themselves, after all; you > can't probe. (Unless you've noticed something in the spec I haven't; I've > scanned the spec, but not read it super-carefully). > > > Define advertise? Bonjour like? UPnP? > > Yes (the spec explicitly lists zeroconf, upnp, and dial). > The draft does contain the sentence "Web pages should not be able to > communicate with Local-networked Services that have not been authorized by > the user thereby maintaining the user's privacy" in the use cases section; > this should definite be emphasized and fleshed out, in a security section. > > > How does the user know what they're doing? If there's an ad/unescaped > comment containing something malicious should a remote site be able to know > what services you have in your internal network? > I'm not sure I understand your question, but I'm talking about the user having to opt-in to disclosing services, similar to the opt-ins we do for geolocation, media capture, local files, etc., e.g., "Spotify would like to know if you have any local media receivers", etc. ... -- Dirk
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev