On 26/06/06, Ian Hickson <[EMAIL PROTECTED]> wrote:
On Mon, 26 Jun 2006, Gervase Markham wrote:
> >
> > interface StorageItem {
> >   attribute boolean secure;
> >   attribute DOMString value;
> > };
>
> I would like to suggest that the "secure" attribute be an integer rather
> than a boolean, initially with 0 meaning insecure, and 1 meaning secure.
>
> So, for example, you could have StorageItems which were only returned if
> the page on the site was secured with a new EV cert, and was not
> accessible to pages which had an ordinary cert or no cert.

Is it ever possible to get an "ordinary cert" which claims to identify some domain, but which was not purchased by the owners of that domain?
Depends on your definition of "ordinary" - what about self-signed certificates, or certificate chains that do not resolve to a known root certificate? A very security conscious application author might want to be able to limit access to stored data only to certificates that are 100% kosher, so that even if the UA warns the user about a certificate problem and the user accepts it, stored information isn't made available.
The only reason for the "secure" attribute is to avoid DNS spoofing; the flag has two values -- allow DNS to be spoofed and return the item whether or not the site was spoofed, and only return the item if the site's certificate matched the domain name of the site.
In that case perhaps a bit more prose listing a few other scenarios UAs should limit access to stored info would do, such as ?

--
Hallvord R. M. Steen
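
A sketch of the access check this thread is discussing, added here as an example and not taken from the storage draft or from any poster. It models the integer form of "secure" (0 insecure, 1 secure, and an assumed 2 for EV) and treats a certificate the user accepted after a warning as not secure; every function and field name is hypothetical.

```javascript
// Hypothetical model of a UA-side check; no name here comes from the draft.
// Levels follow the integer proposal: 0 = insecure, 1 = secure.
// 2 = EV is an assumed extension of that scheme.
const LEVEL = { INSECURE: 0, SECURE: 1, EV: 2 };

// Derive the level a page has earned from its connection state.
// conn: { scheme, certMatchesHost, chainTrusted, userOverride, ev }
function connectionLevel(conn) {
  if (conn.scheme !== "https") return LEVEL.INSECURE;
  // A name mismatch is the DNS-spoofing case the flag exists to stop.
  if (!conn.certMatchesHost) return LEVEL.INSECURE;
  // Self-signed or unknown-root chains only load after the user clicks
  // through a warning; that override must not raise the level.
  if (!conn.chainTrusted || conn.userOverride) return LEVEL.INSECURE;
  return conn.ev ? LEVEL.EV : LEVEL.SECURE;
}

// Return only the items whose required level the current page meets.
function readableItems(store, conn) {
  const level = connectionLevel(conn);
  const out = {};
  for (const [key, item] of Object.entries(store)) {
    if (level >= item.secure) out[key] = item.value;
  }
  return out;
}

// Constructed sample data, not from the thread.
const store = {
  theme:   { secure: LEVEL.INSECURE, value: "dark" },
  session: { secure: LEVEL.SECURE,   value: "abc123" },
  payee:   { secure: LEVEL.EV,       value: "acct-1" },
};
const plainHttp  = { scheme: "http" };
const validCert  = { scheme: "https", certMatchesHost: true,
                     chainTrusted: true, userOverride: false, ev: false };
const selfSigned = { ...validCert, chainTrusted: false, userOverride: true };
const evCert     = { ...validCert, ev: true };

for (const [name, conn] of Object.entries({ plainHttp, validCert, selfSigned, evCert })) {
  console.log(name, Object.keys(readableItems(store, conn)));
}
```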
