Responses to the Security and Privacy Self-Review questionnaire #12

Closed
frivoal opened this issue May 23, 2024 · 0 comments

frivoal commented May 23, 2024

Responses to the Self-Review Questionnaire: Security and Privacy, filed against the 23 May 2024 Working Draft.

  1. What information does this feature expose,
    and for what purposes?

This is a passive feature (markup) which only allows an origin to convey text to a user, as would other HTML Text-level elements.

No information about or from the user nor their environment is exposed to any party.

  2. Do features in your specification expose the minimum amount of information
    necessary to implement the intended functionality?

They do not expose any information to anyone, other than conveying text from an origin to a user, as would other HTML Text-level elements.

  3. Do the features in your specification expose personal information,
    personally-identifiable information (PII), or information derived from
    either?

No.

  4. How do the features in your specification deal with sensitive information?

This is a passive feature (markup) which only allows an origin to convey text to a user, as would other HTML Text-level elements. It is not exposed to sensitive information, and therefore does not need to do anything about it.

  5. Do the features in your specification introduce state
    that persists across browsing sessions?

No.

  6. Do the features in your specification expose information about the
    underlying platform to origins?

No.

  7. Does this specification allow an origin to send data to the underlying
    platform?

No.

  8. Do features in this specification enable access to device sensors?

No.

  9. Do features in this specification enable new script execution/loading
    mechanisms?

No.

  10. Do features in this specification allow an origin to access other devices?

No.

  11. Do features in this specification allow an origin some measure of control over
    a user agent's native UI?

No.

  12. What temporary identifiers do the features in this specification create or
    expose to the web?

None.

  13. How does this specification distinguish between behavior in first-party and
    third-party contexts?

No difference is made, and none seems appropriate or necessary.

  14. How do the features in this specification work in the context of a browser’s
    Private Browsing or Incognito mode?

No difference is made, and none seems appropriate or necessary.

  15. Does this specification have both "Security Considerations" and "Privacy
    Considerations" sections?

Yes.

  16. Do features in your specification enable origins to downgrade default
    security protections?

No.

  17. What happens when a document that uses your feature is kept alive in BFCache
    (instead of getting destroyed) after navigation, and potentially gets reused
    on future navigations back to the document?

Nothing special. This is just marked up text.

  18. What happens when a document that uses your feature gets disconnected?

Nothing special. This is just marked up text.

  19. What should this questionnaire have asked?

Nothing additional seems needed. This is not a security or privacy sensitive feature.

@frivoal frivoal added privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. Closed: Question answered Used when the discussion has reached a conclusion, but there wasn't any actual issue with the spec.. Decision by: Editor's jugement Issue closed by the Editor judging that there was sufficient agreement / no need for agreement Type: Question Questions about the specification which only seek an answer, and do no need changes to the spec. labels May 23, 2024
@frivoal frivoal closed this as completed May 23, 2024