[whatwg] whatwg Digest, Vol 82, Issue 10
Aryeh Gregor
Simetrical+w3c at gmail.com
Thu Jan 6 14:21:47 PST 2011
On Wed, Jan 5, 2011 at 7:47 PM, Glenn Maynard <glenn at zewt.org> wrote:
> Javascript injection is a harder problem, for example: it isn't
> prevented by SSL, can persist without maintenance (unlike an MITM
> attack), can be introduced untracably and without any special network
> access (you don't need to "get in the middle"), and so in practice are
> much more common than MITM attacks.
An XSS attack can still get IP address, and thus usually rough
location, so most of what I said still holds.
> It's bothered me for a long time that browsers treat self-signed
> certificates as *less* secure than plaintext, which is nonsense.
Lots of people have written extensive explanations of why browsers do
this. Here's one I submitted as a comment to lwn.net a while back,
maybe it will clear things up: http://lwn.net/Articles/413600/
> By the way, another real-world issue with SSL is that it's
> considerably more computationally expensive: handling encrypted
> requests takes much more CPU, especially for high-bandwidth servers.
> Not every service can afford to buy extra or more powerful servers to
> handle this.
Apparently this isn't a real issue anymore in practice. CPUs are fast
enough that SSL is no big deal. Google saw only a small load increase
when it turned on HTTPS by default for all Gmail users:
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
On Thu, Jan 6, 2011 at 12:21 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> How do you revoke it? Once someone knows where you are, they know it. You
> can't make them stop knowing it.
In the context of an attacker who has some particular notion of who
you are and wants to connect that to your location, yes. But is this
likely to be a common threat? It's all very well to consider worst
cases, but the default convenience/security tradeoff has to be
calculated according to the typical case, not the worst case. Typical
users are the ones who determine market share, and if the web platform
refuses to add features that would benefit the typical user because
they would hurt atypical users, typical users will choose other
platforms.
The web platform is so intrinsically convenient that it can remain
competitive with conventional applications while erring far on the
side of security in convenience/security tradeoffs. But comparably
convenient platforms like Flash or mobile app stores will gain more
users if the web trades away too much convenience by comparison.
Ideally we should try to accommodate all users' security needs without
sacrificing convenience, but in cases where that's not possible,
atypical users will inevitably have to reconfigure their browsers.
Of course, maybe I'm just missing the cases where a reasonably typical
user (not, e.g., the target of malicious governments, or stalkers who
happen to be hackers) would be attacked in a fashion where anyone
would be interested in learning their location once and remembering
it.
> http://www.technologyreview.com/web/26981/page1/ might be worth reading.
Users who use Tor for their web browsing are decidedly atypical, and
can be expected to remain so given the inherent performance penalty it
imposes.
More information about the whatwg
mailing list