Re: State of the WebCrypto API

From: Jeffrey Walton <noloader@gmail.com>
Date: Sun, 11 Oct 2015 19:33:41 -0400
Message-ID: <CAH8yC8kuGfjhPrD9bgSAa8JoMjWOuFdqr8QKW1_m+7Ttabs8Wg@mail.gmail.com>
To: Harry Halpin <hhalpin@w3.org>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>

> I agree we should be respectful of other people's point of view.
> Nonetheless, it is hard to understand how people can simply be wrong about
> the basics again and again. For example, expecting older browsers or
> operating systems to support standards made since their release seems a bit
> backwards. In general, upgrades fix security holes as well.

There are two different concepts here. The first is bug and security
fixes, and the second is feature enhancements.

Companies like Apple and Microsoft sell their software and hardware,
so they have an obligation to fix their defective products. In some
jurisdictions, it may be a legal requirement.

> There are excellent free online courses and text-books that go over this
> stuff very well. I highly suggest, for example, Ross Anderson's textbook:
>
> http://www.cl.cam.ac.uk/~rja14/book.html

Peter Gutmann has a very good practical book, too:
https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf.

I've read both, and I don't recall either claiming it's OK to ship
software, leave it unpatched and then abandon it (like Apple and
Microsoft do).

Jeff
Received on Sunday, 11 October 2015 23:34:09 UTC