W3C home > Mailing lists > Public > public-web-security@w3.org > October 2015

Re: State of the WebCrypto API

From: Jeffrey Walton <noloader@gmail.com>
Date: Sun, 11 Oct 2015 17:41:11 -0400
Message-ID: <CAH8yC8ncdrOwryreabXSiOumm-tMxJjLapmOAYq2PB_PaOs4wg@mail.gmail.com>
To: Tony Arcieri <bascule@gmail.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>
On Sun, Oct 11, 2015 at 5:08 PM, Tony Arcieri <bascule@gmail.com> wrote:
> On Sunday, October 11, 2015, Jeffrey Walton <noloader@gmail.com> wrote:
>>
>> Telling folks to upgrade to Windows 8 or 10 is just bike shedding. Its
>> not a answer....
>
>
> Actually, I gave several options, all of which solve this problem:
>
> 1) Use this shim: https://github.com/vibornoff/webcrypto-shim
> 2) Use a more modern browser
> 3) Use a more modern OS

Two and three are not really solutions, they are simply bikeshedding.
Two can increase attack surface, and even violate policy. For example,
a corporate policy may prohibit installing non essential software like
the Firefox browser on a Windows server. For those who don't violate
policy, they have an increased attack surface.

The shim looks promising. But what's the point if WebCrypto is
supposed to standardize these things? Why not forgo all the WebCrypto
working group gyrations and skip to the shim?

Jeff
Received on Sunday, 11 October 2015 21:41:39 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 11 October 2015 21:41:40 UTC