- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Mon, 31 Mar 2014 19:26:15 +0200
- To: Marcos Caceres <w3c@marcosc.com>
- Cc: sysapps <public-sysapps@w3.org>, Anders Rundgren <anders.rundgren.net@gmail.com>
* Marcos Caceres wrote: >On March 31, 2014 at 11:44:11 AM, Anders Rundgren (anders.rundgren.net@gmail.com) wrote: >> It seems that the Raw Socket API can only be used by "trusted applications". >> I don't know exactly what that is, or more specifically: who is >> the trusting party? >We will try to make it web facing. There is extensive documentation on the web about experiences with that in Java, Flash, and in the development of the Websocket protocol. There is little reason to think browser vendors would make a raw socket API available to web content without considerable evidence that it cannot be used to attack intermediaries, among other things. >Do any browsers support this CCA thing? All mainstream browsers since the early versions of the SSL protocol, more or less, support client certificate authentication, as far as I am aware. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Monday, 31 March 2014 17:26:47 UTC