-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments on security and privacy sections #273
Comments
Section 10.3.2 Mitigations
It seems the potential for abuse of permissions with TLS would be similar to violating other "guarantees" provided by TLS. While I agree that nothing is impossible, I don't see why we would treat this assertion differently from others, such as "Applications using TLS can be sure..." at the beginning of that paragraph. Am I missing something? Section 11.4.2 Mitigations "Shared blacklists"
I agree the wording is strange. Blacklisting Key Systems, even in combination with origin seems strange since the UA is to have vetted the Key Systems it exposes. Also, the spec already recommends implementations "Provide user controls to disable Key Systems or Key System use of identifiers." On the other hand, your proposal is more general. Section 11.4.2 Mitigations "Per-origin user alerts / prompts and permissions" |
PR #303. |
@steelejoe wrote the following in #221 (comment). I've moved the remaining items (and one reply) here to separate them from the larger "review" issue #221.
The text was updated successfully, but these errors were encountered: