Re: Re: Was: Draft Blog Post on Cryptography API, Now: Potential API recommendation caveats

From: Ryan Sleevi <sleevi@google.com>
Date: Tue, 9 Oct 2012 13:05:04 -0700
Message-ID: <CACvaWvbvY5eUQ+Ka5zug8_cOq5HkoLCSHSPAbBvaZfer5b4oNA@mail.gmail.com>
To: David Rogers <david.rogers@copperhorses.com>
Cc: ddahl@mozilla.com, public-webcrypto@w3.org, hhalpin@w3.org

Hi David,

Could you please explain your concerns, so that we can evaluate if and
how they should be addressed?

It remains completely opaque to me how simply adding a cryptographic
API (saying nothing about the key storage) presents a risk to millions
of users, innocent or not.

On Tue, Oct 9, 2012 at 12:34 PM, David Rogers
<david.rogers@copperhorses.com> wrote:
> Hi David,
>
> I have severe reservations about this and I think you are risking the
> credibility of this entire community by implementing it in this way, not
> least by putting millions of innocent users at risk.
>
> Thanks,
>
>
> David.
>
>
> Sent from Mobile
>
> David Dahl <ddahl@mozilla.com> wrote:
>
>
> ----- Original Message -----
>> From: "David Rogers" <david.rogers@copperhorses.com>
>> To: ddahl@mozilla.com, sleevi@google.com
>> Cc: public-webcrypto@w3.org, hhalpin@w3.org
>> Sent: Tuesday, October 9, 2012 12:25:23 PM
>> Subject: Re: Was: Draft Blog Post on Cryptography API, Now: Potential API
>> recommendation caveats
>>
>> Hi David,
>>
>> I haven't been able to keep up with all the discussion, but is this a
>> serious proposal to deploy an experimental crypto api in a
>> production build? Apologies if I have missed something, but if
>> people want to experiment that is fine, but don't do it in a shipped
>> product, it doesn't make sense and will inevitably lead to security
>> issues?
>
> Yes, of course, people will still use this API unsafely; however, if the
> spec has security considerations that warn developers about using this API
> in content DOM as dangerous and browser vendors raise warnings upon use, and
> even (as horrible as this sounds) a geolocation-like prompt each time the
> API is first used per origin, developers and end users will be warned.
>
> I think it should be up to the browser vendor exactly how this is handled -
> the API may even be preffed off in content DOM, only available to an "Open
> Webapp" or "SysApp".
>
> Allowing it to be activated one way or another will still have value for
> developers working on experiments.
>
> Cheers,
>
> David

Received on Tuesday, 9 October 2012 20:05:32 GMT