Hello WebKit Dev folks,
Following Maciej's invitation to send requests for positions on Web API proposals to webkit-dev, we would like to know WebKit's position on Web NFC: https://w3c.github.io/web-nfc/
Web NFC aims to provide sites the ability to read and write to nearby NFC devices. The current scope is limited to NDEF, a lightweight binary message format. Low-level I/O operations with the ISO-DEP protocol and Host-based Card Emulation (HCE) are not supported.
FYI, an intent to experiment will be posted soon on blink-dev. I'll update this webkit-dev thread with the URL when done.
TAG Review: https://github.com/w3ctag/design-reviews/issues/461
Chromestatus URL: https://www.chromestatus.com/features/6261030015467520
Mozilla standards-positions: https://github.com/mozilla/standards-positions/issues/238
Thank you,
Francois.
We oppose this feature and will not implement it. We do not believe a permission prompt is a sufficient mitigation for the serious security and privacy risks raised by this specification. In addition, we think exposing direct hardware access to the web is a bad idea and compromises the device-independence of the web platform. We can provide more details if desired but it may take a few days.
On Jan 5, 2020, at 11:40 PM, François Beaufort 🇫🇷 <fbeaufort@google.com> wrote:
> Hello WebKit Dev folks,
> Following Maciej's invitation to send requests for positions on Web API proposals to webkit-dev, we would like to know WebKit's position on Web NFC: https://w3c.github.io/web-nfc/
> Web NFC aims to provide sites the ability to read and write to nearby NFC devices. The current scope is limited to NDEF, a lightweight binary message format. Low-level I/O operations with the ISO-DEP protocol and Host-based Card Emulation (HCE) are not supported.
> FYI, an intent to experiment will be posted soon on blink-dev. I'll update this webkit-dev thread with the URL when done.
> TAG Review: https://github.com/w3ctag/design-reviews/issues/461
> Chromestatus URL: https://www.chromestatus.com/features/6261030015467520
> Mozilla standards-positions: https://github.com/mozilla/standards-positions/issues/238
> Thank you, Francois.
> _______________________________________________
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
As promised earlier, here's the intent to experiment thread URL we've just sent to blink-dev: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/8bsAd-PsdbA
It would be greatly appreciated if you could share specifics about your decision. Some alternative designs would also help moving this discussion forward.
Thank you, Francois.
On Mon, Jan 6, 2020 at 10:48 PM Maciej Stachowiak <mjs@apple.com> wrote:
> We oppose this feature and will not implement it.
> We do not believe a permission prompt is a sufficient mitigation for the serious security and privacy risks raised by this specification. In addition, we think exposing direct hardware access to the web is a bad idea and compromises the device-independence of the web platform.
> We can provide more details if desired but it may take a few days.
Gentle ping.
On Mon, Jan 13, 2020 at 12:56 PM François Beaufort 🇫🇷 <fbeaufort@google.com> wrote:
> As promised earlier, here's the intent to experiment thread URL we've just sent to blink-dev: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/8bsAd-PsdbA
> It would be greatly appreciated if you could share specifics about your decision. Some alternative designs would also help moving this discussion forward.
> Thank you, Francois.
I'm not sure what specifics you're looking for but the issue is that we don't believe permission prompt is sufficient mitigation. Ordinary people don't understand the full security & privacy implications of granting NFC access when asked.
- R. Niwa
On Wed, Jan 22, 2020 at 12:04 AM François Beaufort 🇫🇷 <fbeaufort@google.com> wrote:
> Gentle ping.
Maciej said earlier they could provide more details if desired. Would you have any alternative ideas that would help ordinary people understand the full security & privacy implications of granting NFC access?
Thank you, Francois.
On Wed, Jan 22, 2020 at 8:15 AM Ryosuke Niwa <rniwa@webkit.org> wrote:
> I'm not sure what specifics you're looking for but the issue is that we don't believe permission prompt is sufficient mitigation. Ordinary people don't understand the full security & privacy implications of granting NFC access when asked.
> - R. Niwa
On Wed, Jan 22, 2020 at 12:23 AM François Beaufort 🇫🇷 <fbeaufort@google.com> wrote:
> Maciej said earlier they could provide more details if desired.
Well, you have to tell us what details you're looking for.
> Would you have any alternative ideas that would help ordinary people understand the full security & privacy implications of granting NFC access?
I can't imagine how given most people don't know what NFC is.
I'll go off a bit on a tangent and say that one of the primary strengths of the Web is that users can visit any website without the fear of their computing devices being permanently compromised. Unfortunately, APIs such as Web NFC, Web USB, Web Serial API would pose new threats for persistent attacks on external devices exposed by those APIs. If we continue this path, at some point (or maybe we're already there), the Web will turn into any other non-Web platform where ordinary users can (or are advised to) only use well known trusted applications or visit well known trusted websites just like how native apps work today.
- R. Niwa
participants (3)
- François Beaufort 🇫🇷
- Maciej Stachowiak
- Ryosuke Niwa