- From: Ryan Sleevi <sleevi@google.com>
- Date: Thu, 25 Sep 2014 01:19:50 -0700
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: public-webcrypto-comments@w3.org
Received on Thursday, 25 September 2014 08:20:21 UTC
On Sep 24, 2014 11:27 PM, "Anders Rundgren" <anders.rundgren.net@gmail.com> wrote: > > During my work with a WebCrypto-enabled application I found that > Firefox "Nightly" and Chrome "Canary" have different behavior. > > Chrome apparently requires HTTPS (presumably also with a "genuine" > certificate) Presumption is not correct. > for executing some (?) methods like import of keys. All methods. > > I perfectly well understand the motives but it makes *development* harder. > IMO, it would be better to making this requirement a recommendation. > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972 > WebCrypto won't anyway be useful for people who lack insight in applied > cryptography, secure protocols and server hardening but that's entirely OK :-) > We disagree. http://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-are-some-web-platform-features-only-available-in-HTTPS-page-loads- > Cheers, > Anders >
Received on Thursday, 25 September 2014 08:20:21 UTC