CDR: security section gives inadequate account of possible attacks and of proposed security model
This section gives a very incomplete account of security attacks
potentially resulting from cross-document access. Classic cross-site
scripting attacks predate the existence of either phishing or
firewall attacks. One of the most classic cross-site scripting
exploits is accessing a site that has confidential user information
(for example a banking site that displays account numbers), requires
login, and uses a persistent login mechanism such as an HTTP cookie.
In this case, allowing a load of such a document and then granting
scripting access is a major security risk. I think this section needs
significantly more research to be complete, or at least external
Also, none of this section presents an actual suggested security
model, or discusses how one might be devised. For a spec that
admittedly has significant potential security risks, the present
language is insufficient to address the security considerations. I
something more thorough, along the lines of "security considerations"
sections in IETF specs.