W3C home > Mailing lists > Public > public-web-security@w3.org > June 2011

Re: Request for feedback: DOMCrypt API proposal

From: David Dahl <ddahl@mozilla.com>
Date: Mon, 6 Jun 2011 09:29:59 -0700 (PDT)
To: Jarred Nicholls <jarred@sencha.com>
Cc: public-web-security@w3.org
Message-ID: <320213691.125484.1307377799005.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>


----- Original Message -----
From: "Jarred Nicholls" <jarred@sencha.com>
To: public-web-security@w3.org
Sent: Monday, June 6, 2011 6:53:15 AM
Subject: Re: Request for feedback: DOMCrypt API proposal

>  I'm with Anders, we should flush out a well-thought user story first and
see what the target use cases are (specifically WRT key management and
consumption).  I'm good with seeing a v1 be simplified and inherently secure
by scoping its usage to same-origin 100%, and do a sibling spec later for
cross-origin & device key sharing.  Just a thought...

I agree, keeping these concerns for interoperability is important, but a simpler starting point is a necessity.

(Via comments here and elsewhere, I removed the addressbook API for this reason. I can see a web app able to provide an addressbook.  A web app addressbook can maybe become a prototype for a browser API down the road.)

Regards,

David
Received on Monday, 6 June 2011 16:30:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 6 June 2011 16:30:28 GMT