[Jmap] JMAP security

podkorytov <podkorytov@mail.ru> Wed, 08 February 2017 17:29 UTC

Date: Wed, 08 Feb 2017 22:28:48 +0500
Message-ID: <yw8pj50om7igw8xwxd2fon4q.1486574928465@email.android.com>
From: podkorytov <podkorytov@mail.ru>
To: jmap@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/FUPgGBaLAAiJrCxAum0A7cugca4>
Subject: [Jmap] JMAP security
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>

Hello, what about JMAP client security?
If it works inside a web browser, it can inherit the browser's vulnerabilities and add its own.
Any browser plugins, such as Adobe's or something else, may be potential holes and targets for attacks.
Probably this question is outside the frame of the protocol draft, but it is a practical matter and may influence JMAP's success or failure. It will work inside the browser alongside many other web applications and plugins.