Re: Re: Was: Draft Blog Post on Cryptography API, Now: Potential API recommendation caveats

Hi David,

Could you please explain your concerns, so that we can evaluate if and
how they should be addressed?

It remains completely opaque to me how simply adding a cryptographic
API (saying nothing about the key storage) presents a risk to millions
of users, innocent or not.

On Tue, Oct 9, 2012 at 12:34 PM, David Rogers
<david.rogers@copperhorses.com> wrote:
> Hi David,
>
> I have severe reservations about this and I think you are risking the
> credibility of this entire community by implementing it in this way, not
> least by putting millions of innocent users at risk.
>
> Thanks,
>
>
> David.
>
>
> Sent from Mobile
>
> David Dahl <ddahl@mozilla.com> wrote:
>
>
> ----- Original Message -----
>> From: "David Rogers" <david.rogers@copperhorses.com>
>> To: ddahl@mozilla.com, sleevi@google.com
>> Cc: public-webcrypto@w3.org, hhalpin@w3.org
>> Sent: Tuesday, October 9, 2012 12:25:23 PM
>> Subject: Re: Was: Draft Blog Post on Cryptography API, Now: Potential API
>> recommendation caveats
>>
>> Hi David,
>>
>> I haven't been able to keep up with all the discussion, but is this a
>> serious proposal to deploy an experimental crypto API in a
>> production build? Apologies if I have missed something, but if
>> people want to experiment that is fine, but don't do it in a shipped
>> product, it doesn't make sense and will inevitably lead to security
>> issues?
>
> Yes, of course, people will still use this API unsafely; however, if the
> spec has security considerations that warn developers about using this API
> in content DOM as dangerous and browser vendors raise warnings upon use, and
> even (as horrible as this sounds) a geolocation-like prompt each time the
> API is first used per origin, developers and end users will be warned.
>
> I think it should be up to the browser vendor exactly how this is handled -
> the API may even be preffed off in content DOM, only available to an "Open
> Webapp" or "SysApp".
>
> Allowing it to be activated one way or another will still have value for
> developers working on experiments.
>
> Cheers,
>
> David

Received on Tuesday, 9 October 2012 20:05:32 UTC