Describe manifest update behavior #1011
Conversation
There was a problem hiding this comment.
@philloooo, happy to work on this together... I can take the HTML spec updates if you'd like.
Co-authored-by: Marcos Cáceres <marcos@marcosc.com>
|
From our call today: For the purpose of updating, the following member are security-sensitive members, as they are presented during installation and on launch surfaces:
User agents SHOULD NOT automatically apply changes to [=security-sensitive members=] without [=express permission=] from the user. Instead, user agents SHOULD present changes to [=security-sensitive members=] with appropriate management options, so the user can make an informed decision about updating the web application. The user agent MAY automatically apply the changes if the update does not contain changes to [=security-sensitive members=]. Aside: A user agent won't not apply a partial update. For example, the user agent could present options to the user:
|
|
Sounds reasonable. Is there any option for a UA to make a determination on the relative substance of the change? For example, if the name went from Company to Company™, that's not terribly significant. Same could be said for changing the colors of an icon while maintaining the same design. I'm not suggesting how the UA might determine the substance of a change and where they should peg the threshold of needing to inform the user, but it could cut down on unnecessary notices. |
Sure, it's all just "recommendations" after all. However, implementers would do that at their own risk because an attacker would try to abuse such heuristics if/where possible. We might need to add that to the Security Considerations. |
Co-authored-by: Marcos Cáceres <marcos@marcosc.com>
Co-authored-by: Marcos Cáceres <marcos@marcosc.com>
| <aside class="note" title= | ||
| "A user agent will not apply a partial update"> | ||
| <p> | ||
| When the update contains changes both to [=security-sensitive |
There was a problem hiding this comment.
@marcoscaceres I've added some context to the partial update note, let me know what you think.
index.html
Outdated
| <li>Report the website as abusive/spam. | ||
| </li> |
There was a problem hiding this comment.
| <li>Report the website as abusive/spam. | |
| </li> | |
| <li>Report the website as malicious. | |
| </li> |
Co-authored-by: Marcos Cáceres <marcos@marcosc.com>
|
Adding myself in comments for searching purposes |
closes #446
This change is dependent on #988
This change (choose at least one, delete ones that don't apply):
Commit message:
(Fill in. If making normative changes, describe exactly what the behavioral
difference will be.)
Person merging, please make sure that commits are squashed with one of the following as a commit message prefix:
Preview | Diff
Preview | Diff