create separate security and privacy considerations sections #187

Merged
merged 2 commits into from Jan 19, 2022
25 changes: 15 additions & 10 deletions index.bs
Expand Up @@ -2049,7 +2049,7 @@ spec:css-syntax-3;
██████ ████████ ██████ ███████ ██ ██ ████ ██ ██
-->
<section>
# Security and Privacy Considerations # {#security-and-privacy}
# Security Considerations # {#security-considerations}

The following sections represent guidelines for various security and privacy considerations.
Individual credential types may enforce stricter or more relaxed versions of these guidelines.
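Review bot: The introductory sentence left as context under the renamed heading still reads "guidelines for various security and privacy considerations", which no longer matches a section titled Security Considerations. Suggest trimming it to "security considerations" and giving the new Privacy Considerations section its own introductory sentence. The rename also drops the `#security-and-privacy` id, so any existing links to that fragment will stop resolving unless the old id is kept as an alias.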
Expand Down Expand Up @@ -2136,15 +2136,6 @@ spec:css-syntax-3;
will immedietely return an empty set if called from inside a {{Worker}}, or a non-[=top-level
browsing context=].

## Timing Attacks ## {#security-timing}

If the user has no credentials for an origin, a call to {{CredentialsContainer/get()}} will
resolve very quickly indeed. A malicious website could distinguish between a user with no
credentials and a user with credentials who chooses not to share them.

User agents SHOULD also rate-limit credential requests. It's almost certainly abusive for a page
to request credentials more than a few times in a short period.

## Signing-Out ## {#security-signout}

If a user has chosen to automatically sign-in to websites, as discussed in
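Review bot: Removing the rate-limiting paragraph together with the timing text leaves Security Considerations with no statement on repeated credential requests, although "It's almost certainly abusive for a page to request credentials more than a few times in a short period" describes an abuse control as much as a privacy one. Suggest keeping a one-line cross-reference to `#security-timing` in this section, or leaving the rate-limit SHOULD here and moving only the first paragraph. Separately, the context line at the top of this hunk has a typo ("immedietely"), which could be fixed in the same change.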
Expand All @@ -2164,6 +2155,20 @@ spec:css-syntax-3;
the [=credential store=] to `true`. Additionally, the user agent SHOULD provide some UI affordance
for disabling automatic sign-in for a particular origin. This could be tied to the notification
that credentials have been provided to an origin, for example.
</section>


<section>
# Privacy Considerations # {#privacy-considerations}

## Timing Attacks ## {#security-timing}

If the user has no credentials for an origin, a call to {{CredentialsContainer/get()}} will
resolve very quickly indeed. A malicious website could distinguish between a user with no
credentials and a user with credentials who chooses not to share them.

User agents SHOULD also rate-limit credential requests. It's almost certainly abusive for a page
to request credentials more than a few times in a short period.

## Chooser Leakage ## {#security-chooser-leakage}

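Review bot: In the relocated Timing Attacks text, "User agents SHOULD also rate-limit credential requests" has nothing for "also" to refer to: the first paragraph describes how a fast `get()` resolution distinguishes a user with no credentials from one who declines to share them, but states no requirement or recommendation addressing that timing difference. Suggest either adding the missing guidance for the timing signal itself or dropping "also". The moved headings additionally keep their `security-` ids (`#security-timing`, `#security-chooser-leakage`) under Privacy Considerations; if that is deliberate for link stability, a short comment in the source saying so would prevent a later "cleanup" from breaking inbound links.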