[webkit-dev] Proposed feature: Network Service Discovery
dpranke at chromium.org
Fri Aug 30 15:53:59 PDT 2013
On Fri, Aug 30, 2013 at 3:48 PM, Oliver Hunt <oliver at apple.com> wrote:
> On Aug 30, 2013, at 12:44 PM, Dirk Pranke <dpranke at chromium.org> wrote:
> On Fri, Aug 30, 2013 at 10:06 AM, Oliver Hunt <oliver at apple.com> wrote:
>> On Aug 30, 2013, at 9:15 AM, Brendan Long <self at brendanlong.com> wrote:
>> > On 08/29/2013 05:45 PM, Benjamin Poulain wrote:
>> >> Can you explain a bit what it is for? What are the common use cases?
>> > This would be useful for certain kinds of web apps. For example,a music
>> website like Pandora or Spotify could allow users to include music on their
>> local network. Or a service like Netflix could include local network movies
>> (on networked hard drives, or DVR's) in their search results, and play them
>> from the same interface.
>> Here's my concern - if you say "a service like <x>" might want to search
>> for something, that is better described as "a random website". That may be
>> something the user wants, alternatively it could be something evil. It
>> could also be something evil embedded in an ad on the site a user "trusts".
>> My concern here is that as a web spec this essentially acts as a way for
>> arbitrary web content from any source to perform a network scan of your
>> local machine and get data about your internal network topology and
>> services from inside your firewall. That's a really scary concept to me.
> While there are certainly security concerns that need to be clearly
> thought through and addressed, the spec isn't as broad as you make it
> sound. It picks up services that are advertising themselves, after all; you
> can't probe. (Unless you've noticed something in the spec I haven't; I've
> scanned the spec, but not read it super-carefully).
> Define advertise? Bonjour like? UPnP?
Yes (the spec explicitly lists zeroconf, upnp, and dial).
> The draft does contain the sentence "Web pages should not be able to
> communicate with Local-networked Services that have not been authorized by
> the user thereby maintaining the user's privacy" in the use cases section;
> this should definite be emphasized and fleshed out, in a security section.
> How does the user know what they're doing? If there's an ad/unescaped
> comment containing something malicious should a remote site be able to know
> what services you have in your internal network?
I'm not sure I understand your question, but I'm talking about the user
having to opt-in to disclosing services, similar to the opt-ins we do for
geolocation, media capture, local files, etc., e.g., "Spotify would like to
know if you have any local media receivers", etc. ...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the webkit-dev