[Bug 25385] clear key cannot provide basic protection, why not considering web cryptography API from bugzilla@jessica.w3.org on 2014-04-28 (public-html-bugzilla@w3.org from April 2014)

From: <bugzilla@jessica.w3.org>
Date: Mon, 28 Apr 2014 19:23:54 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-25385-2486-bt5vx4oXrz@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25385

Mark Watson <watsonm@netflix.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |watsonm@netflix.com

--- Comment #3 from Mark Watson <watsonm@netflix.com> ---
I agree with David. Suggest WONTFIX.

If a site uses HTTPS, the key can be delivered to the client JS in a way that
is secure against an active MITM attack. The difficulty for the user to obtain
the key is about the same for this case as for the proposed use of WebCrypto.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 28 April 2014 19:23:56 UTC