noncombatant closed 9 years ago
I've updated the spec with a high-level discussion of the security and privacy risks as well as specifics on how devices authorize origins. Details on the knowledge and consent ceremony are still sparse as I'm not sure how much the spec should leave up to browsers:
https://reillyeon.github.io/webusb/#security-and-privacy-considerations
Example security considerations:
Example privacy consideration:
Example mitigation:
...but then the spec needs to describe the requirements for the knowledge and consent ceremony.