- From: Marcos Caceres <w3c@marcosc.com>
- Date: Mon, 31 Mar 2014 12:29:26 -0400
- To: sysapps <public-sysapps@w3.org>, Anders Rundgren <anders.rundgren.net@gmail.com>
On March 31, 2014 at 11:44:11 AM, Anders Rundgren (anders.rundgren.net@gmail.com) wrote: > > I have some questions regarding the current draft. > > It seems that the Raw Socket API can only be used by "trusted applications". > I don't know exactly what that is, or more specifically: who is > the trusting party? > > Personally, I have limited faith in end-users' decisions to > install trusted applications. We will try to make it web facing. > If this specification rather (implicitly?) relies of pre-installed > trusted applications, it get > pretty fuzzy since even if the application is trusted it doesn't > automatically mean that > you are welcome with your UPD or TCP requests everywhere. > > If the sample application UPnP does not in itself presume trusted > connects, I do not really > see why the callers need to be trusted either. > > For requests that actually needs to be trusted, DTLS and TLS using > CCA (Client Certificate > Authentication) ought to be a more scalable solution than using > trusted applications. Do any browsers support this CCA thing?
Received on Monday, 31 March 2014 16:29:56 UTC