MIDI-CI messages without sysex permission

[chrisguttandin]

MIDI-CI messages are backwards compatible with MIDI v1. Technically they are just System Exclusive messages. But they follow a strict protocol just like any other regular MIDI message.

I think it's a bit overkill to ask the user for the permission to send sysex messages when only sending MIDI-CI messages. Therefore I would propose to allow MIDI-CI messages even though the user only gave permission for { name: 'midi' } and didn't explicitly opt-in with { name: 'midi', sysex: true }.

[bradisbell]

Dropping the extra permission for SysEx entirely solves this problem among others.

No real semantic meaning can definitively be assumed about sysex-or-not If there's a security concern, it should be read/read-write instead of midi/midi+sysex.

[cwilso]

It would be a significant task to do a privacy and security review of MIDI-CI (https://developer.apple.com/documentation/coremidi/midi_capability_inquiry), and it IS adding additional privacy surface area (you can tell a lot more about what devices are connected to a MIDI port). Before looking at Apple's MIDI-CI, I would also enable MIDI machine controls without sysex (https://www.midi.org/specifications/midi1-specifications/rp-013-v1-0-midi-machine-control-specification-96-1-4) - but I think most systems are going to require significant permissions to get MIDI access anyway (Firefox does, and Chromium is intending to add permissions for basic MIDI.). I'm not sure this is worthwhile.

[chrisguttandin]

@bradisbell I'm not sure if dropping the extra sysex permission flag would be realistic anytime soon. Looks like things are going the other direction. But if they do and users have to click several times even before they can use Web MIDI without sysex it might make not much difference anymore to ask for it, too.

@cwilso Oh yes, you're totally right. I reveals a lot more infos and might be a privacy issue. I totally forgot about that aspect.