>-----Original Message-----
>From: Mark S. Miller [mailto:erig...@google.com]
>Sent: Wednesday, March 18, 2009 9:13 AM
>To: Allen Wirfs-Brock
>...
>So, in attempting to reason about the security of Caja, ADsafe,
>WebSandbox, FBJS2, or Jacaranda, we must find some precise
>codification of your "No rational implementation is going to do
>something like that" and pray that we got it right. If defenders and
>implementers read slightly different things into your "something like
>that", holes will happen. Better to codify this in the spec, as that's
>what the spec is for: an agreed common understanding to serve as a
>coordination point for implementers, developers, attackers, and
>defenders.
>

First of all, implementers, defenders, and everybody else will always read
slightly different things into any specification. If you want perfectly
identical behavior, then you don't want a standard; instead you want a single
universally used implementation.  That has its own problems---the word
"monoculture" comes to mind...

Like all engineering, building a good JavaScript implementation is a matter of
making trade-offs among multiple dimensions of requirements and objectives.
Security is only one of these dimensions. Implementers must determine, in the
context of their overall objectives and practical limitations, the appropriate
balance between security, performance, robustness, features, etc. If a
standard overspecifies requirements along any of these dimensions, those
requirements are likely to simply be ignored by implementations and hence are
self-defeating from a standards perspective.

Allen
_______________________________________________
Es-discuss mailing list
Es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
