This is a draft proposal for new work following the Web Security breakout at 2013 TPAC. It aims to harden the Web in the face of increased threats from passive monitoring and active attacks on the security of Web communications, by proposing new Recommendations and best-practices guidance, including updates to Web security models and specification design.
Secure All The Things
Threat Modeling: Develop a systematic understanding of vulnerable points in and around the Web Platform, with focus on those known to be exploited by attackers with large-scale monitoring capacity, or the ability to add infrastructural vulnerabilities (backdoors). Model the economics of attack and defense, including opportunistic encryption, in light of pervasive passive monitoring and active infrastructure attacks.
Comprehensive Security Review: Review existing protocol and API design in light of these threat models. Evaluate the designs in WebAppSec, WebCrypto, HTML, WebApps, SysApps, etc., and the security interaction among parts of the Open Web Platform.
Gap Analysis: Ask big questions about Web security, and propose research and design work toward answering them. For example: What is missing to enable greater use of end-to-end encryption at the Web application layer? How can we provide Web users with usable security guidance and safe defaults?
Leverage Platform Security Features: Develop security hooks between the Web and the underlying platform (existing and emerging). Make security features such as TLS, DNSSEC, DANE, and the TLS integration in HTTP2.0 available to browsers and Web applications. Improve, and make consistent, the user interfaces for certificate and trust management. Promote decentralized security architectures, such as network perspectives and resilience. Help secure offline use of Web applications and Web content, widget updates, and library loading through improved authentication and integrity checking.
Security Best Practices: Promote consistency of security interfaces to enable the Web's end-users to demand and recognize safe practices. Make security workable for all legitimate ecosystem participants by considering middle-boxes and caches. Contribute to broader discussions of security across layer and entity boundaries.
Additional thoughts from the group
Sandbox security on the client side
Secure Delete: as in private browsing mode, allow secure deletion once DOM operations have finished; clean up memory even in persistent virtual memory such as the Windows pagefile.sys.
"Service Workers" and "fetch"? https://github.com/slightlyoff/ServiceWorker