[prev in list] [next in list] [prev in thread] [next in thread]
List: webkit-dev
Subject: Re: [webkit-dev] WebKit position on Web NFC
From: Ryosuke Niwa <rniwa () webkit ! org>
Date: 2020-01-22 8:15:28
Message-ID: CABNRm60h_QqKdA76NypB3QyVc8o-J8QDbTMKn5VW-UUQHZ0miQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
I'm not sure what specifics you're looking for but the issue is that we
don't believe permission prompt is sufficient mitigation. Ordinary people
don't understand the full security & privacy implications of granting NFC
access when asked.
- R. Niwa
On Wed, Jan 22, 2020 at 12:04 AM Fran=C3=A7ois Beaufort =F0=9F=87=AB=F0=9F=
=87=B7 <
fbeaufort@google.com> wrote:
> Gentle ping.
>
> On Mon, Jan 13, 2020 at 12:56 PM Fran=C3=A7ois Beaufort =F0=9F=87=AB=F0=
=9F=87=B7 <
> fbeaufort@google.com> wrote:
>
>> As promised earlier, here's the intent to experiment thread URL we've
>> just sent to blink-dev:
>> https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/8bsAd-P=
sdbA
>>
>> It would be greatly appreciated if you could share specifics about your
>> decision.
>> Some alternative designs would also help moving this discussion forward.
>>
>> Thank you,
>> Francois.
>>
>> On Mon, Jan 6, 2020 at 10:48 PM Maciej Stachowiak <mjs@apple.com> wrote:
>>
>>>
>>> We oppose this feature and will not implement it.
>>>
>>> We do not believe a permission prompt is a sufficient mitigation for th=
e
>>> serious security and privacy risks raised by this specification. In
>>> addition, we think exposing direct hardware access to the web is a bad =
idea
>>> and compromises the device-independence of the web platform.
>>>
>>> We can provide more details if desired but it may take a few days.
>>>
>>> On Jan 5, 2020, at 11:40 PM, Fran=C3=A7ois Beaufort =F0=9F=87=AB=F0=9F=
=87=B7 <
>>> fbeaufort@google.com> wrote:
>>>
>>> Hello WebKit Dev folks,
>>>
>>> Following Maciej's invitation to send requests for positions on Web API
>>> proposals to webkit-dev, we would like to know WebKit's position on Web
>>> NFC: https://w3c.github.io/web-nfc/
>>>
>>> Web NFC aims to provide sites the ability to read and write to nearby
>>> NFC devices. The current scope is limited to NDEF, a lightweight binary
>>> message format. Low-level I/O operations with the ISO-DEP protocol and
>>> Host-based Card Emulation (HCE) are not supported.
>>>
>>> FYI, an intent to experiment will be posted soon on blink-dev.
>>> I'll update this webkit-dev thread with the URL when done.
>>>
>>> TAG Review: https://github.com/w3ctag/design-reviews/issues/461
>>> Chromestatus URL: https://www.chromestatus.com/features/626103001546752=
0
>>> Mozilla standards-positions:
>>> https://github.com/mozilla/standards-positions/issues/238
>>>
>>> Thank you,
>>> Francois.
>>> _______________________________________________
>>> webkit-dev mailing list
>>> webkit-dev@lists.webkit.org
>>> https://lists.webkit.org/mailman/listinfo/webkit-dev
>>>
>>>
>>> _______________________________________________
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
[Attachment #5 (text/html)]
<div dir="ltr"><div>I'm not sure what specifics you're looking for but the \
issue is that we don't believe permission prompt is sufficient mitigation. \
Ordinary people don't understand the full security & privacy implications of \
granting NFC access when asked.</div><div><br></div><div>- R. Niwa</div><div \
dir="ltr"><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On \
Wed, Jan 22, 2020 at 12:04 AM François Beaufort 🇫🇷 <<a \
href="mailto:fbeaufort@google.com">fbeaufort@google.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr">Gentle ping.</div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Mon, Jan 13, 2020 at 12:56 PM François Beaufort 🇫🇷 \
<<a href="mailto:fbeaufort@google.com" \
target="_blank">fbeaufort@google.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr">As promised earlier, here's the intent to experiment thread URL \
we've just sent to blink-dev: <a \
href="https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/8bsAd-PsdbA" \
target="_blank">https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/8bsAd-PsdbA</a><br><br><div>It \
would be greatly appreciated if you could share specifics about your \
decision.</div><div>Some alternative designs would also help moving this discussion \
forward.<br><br>Thank you,</div><div>Francois.<br></div></div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jan 6, 2020 at 10:48 PM \
Maciej Stachowiak <<a href="mailto:mjs@apple.com" \
target="_blank">mjs@apple.com</a>> wrote:<br></div><blockquote class="gmail_quote" \
style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div><br></div>We \
oppose this feature and will not implement it.<div><br></div><div>We do not believe a \
permission prompt is a sufficient mitigation for the serious security and privacy \
risks raised by this specification. In addition, we think exposing direct hardware \
access to the web is a bad idea and compromises the device-independence of the web \
platform.</div><div><br></div><div>We can provide more details if desired but it may \
take a few days.<br><div><br><blockquote type="cite"><div>On Jan 5, 2020, at 11:40 \
PM, François Beaufort 🇫🇷 <<a href="mailto:fbeaufort@google.com" \
target="_blank">fbeaufort@google.com</a>> wrote:</div><br><div><div \
dir="ltr"><div>Hello WebKit Dev folks,</div><div><br>Following Maciej's \
invitation to send requests for positions on Web API proposals to webkit-dev, we \
would like to know WebKit's position on Web NFC: <a \
href="https://w3c.github.io/web-nfc/" \
target="_blank">https://w3c.github.io/web-nfc/</a></div><div><br>Web NFC aims to \
provide sites the ability to read and write to nearby NFC devices. The current scope \
is limited to NDEF, a lightweight binary message format. Low-level I/O operations \
with the ISO-DEP protocol and Host-based Card Emulation (HCE) are not \
supported.<br><br></div><div>FYI, an intent to experiment will be posted soon on \
blink-dev.</div><div>I'll update this webkit-dev thread with the URL when \
done.</div><div><br>TAG Review: <a \
href="https://github.com/w3ctag/design-reviews/issues/461" \
target="_blank">https://github.com/w3ctag/design-reviews/issues/461</a><br>Chromestatus \
URL: <a href="https://www.chromestatus.com/features/6261030015467520" \
target="_blank">https://www.chromestatus.com/features/6261030015467520</a><br>Mozilla \
standards-positions: <a \
href="https://github.com/mozilla/standards-positions/issues/238" \
target="_blank">https://github.com/mozilla/standards-positions/issues/238</a><br><br>Thank \
you,</div><div>Francois.</div></div> \
_______________________________________________<br>webkit-dev mailing list<br><a \
href="mailto:webkit-dev@lists.webkit.org" \
target="_blank">webkit-dev@lists.webkit.org</a><br><a \
href="https://lists.webkit.org/mailman/listinfo/webkit-dev" \
target="_blank">https://lists.webkit.org/mailman/listinfo/webkit-dev</a><br></div></blockquote></div><br></div></div></blockquote></div>
</blockquote></div>
_______________________________________________<br>
webkit-dev mailing list<br>
<a href="mailto:webkit-dev@lists.webkit.org" \
target="_blank">webkit-dev@lists.webkit.org</a><br> <a \
href="https://lists.webkit.org/mailman/listinfo/webkit-dev" rel="noreferrer" \
target="_blank">https://lists.webkit.org/mailman/listinfo/webkit-dev</a><br> \
</blockquote></div></div>
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic