Comments on Masinter's Musings: Web Standards and Security
Feed author: Larry Masinter (http://www.blogger.com/profile/17430215720106687178)
Last updated: 2024-03-16T19:33:51.896-07:00

Comment by Anonymous (https://www.blogger.com/profile/13379556110278063970), 2013-01-07T21:09:06.163-08:00:

Reading and understanding the specification, if available, is one of the first things any security researcher will do when trying to break software. When testing some implementation of TCP, HTTP, URL, HTML, Shadow DOM or whatever, the spec is the starting point. During security assessments, test cases can be derived directly from those specs, testing the explicit assumptions around security, and also thinking creatively about abuse cases that may not have been imagined. Simple and clearly-written specs help the cause, but you're right, it's very much an arms race, especially as releases rot and implementations drift over time.

I see security not so much as anti-architectural, but more as anti-workflow. Security requirements are often seen as speed bumps and greeted with grunts and groans by any but the most pragmatic and security-conscious engineer.

Comment by Larry Masinter (https://www.blogger.com/profile/17430215720106687178), 2012-12-30T10:22:06.031-08:00:

On scope for IETF and W3C: I think it's best to think of the "development community" as those who are developing the Internet and the Web, and IETF and W3C and WHAT-WG as venues, like conference halls: they provide meeting rooms, guards who check badges, and publish the proceedings, but the real work is done by the participants. The "scope" of each doesn't matter much as long as there's a decision!

The main problem with the URL mess is that there are 3 different organizations and 7 committees, none of which take responsibility for resolving the conflicts.

Comment by Jay Carlson (http://example.com/mailto/nop%40nop.com#what-do-you-mean-mailto-is-an-invalid-scheme), 2012-12-29T16:15:06.619-08:00:

1. Incorrect programs often can be coerced into attacker-controlled behavior
2. Program correctness is too hard
3. Therefore....

(rpg may have the last laugh in the battle with New Jersey; the consequences of #1 are a catastrophe in C.)

As you say, standardization is different from writing software. The bottleneck of common agreement we reach on protocols may make them more amenable to analysis than programs.

I am not sure where to place the yellow out-of-scope tape for IETF or W3C activities.

I don't think the disaster of black-and-white trust is going away until the naive ontology of X.509 is discredited. As the Semantic Web itself becomes less binary there may be some useful convergence for trust management.