
Re: Was: Draft Blog Post on Cryptography API, Now: Potential API recommendation caveats

From: David Dahl <ddahl@mozilla.com>
Date: Tue, 9 Oct 2012 13:14:31 -0700 (PDT)
To: David Rogers <david.rogers@copperhorses.com>
Cc: public-webcrypto@w3.org, hhalpin@w3.org, sleevi@google.com
Message-ID: <766505130.2739267.1349813671543.JavaMail.root@mozilla.com>
Wow. I am actually talking about preffing *off* the Web Crypto API and adding hindrances for use in the content DOM of web browsers and now you are concerned about the well-being of millions of users? Perhaps you have not read the whole thread? You do understand that I think that this API should not be used in production web applications, only in more trusted environments like Open WebApps or extensions?


----- Original Message -----
From: "David Rogers" <david.rogers@copperhorses.com>
To: ddahl@mozilla.com
Cc: public-webcrypto@w3.org, hhalpin@w3.org, sleevi@google.com
Sent: Tuesday, October 9, 2012 2:34:19 PM
Subject: Re: Was: Draft Blog Post on Cryptography API, Now: Potential API
    recommendation caveats

Hi David,

I have severe reservations about this and I think you are risking the credibility of this entire community by implementing it in this way, not least by putting millions of innocent users at risk.

Thanks,


David.


Sent from Mobile

David Dahl <ddahl@mozilla.com> wrote:

----- Original Message -----
> From: "David Rogers" <david.rogers@copperhorses.com>
> To: ddahl@mozilla.com, sleevi@google.com
> Cc: public-webcrypto@w3.org, hhalpin@w3.org
> Sent: Tuesday, October 9, 2012 12:25:23 PM
> Subject: Re: Was: Draft Blog Post on Cryptography API, Now: Potential API recommendation caveats
> 
> Hi David,
> 
> I haven't been able to keep up with all the discussion, but is this a
> serious proposal to deploy an experimental crypto API in a
> production build? Apologies if I have missed something, but if
> people want to experiment that is fine, but don't do it in a shipped
> product, it doesn't make sense and will inevitably lead to security
> issues?

Yes, of course, people will still use this API unsafely; however, if the spec has security considerations that warn developers about using this API in content DOM as dangerous and browser vendors raise warnings upon use, and even (as horrible as this sounds) a geolocation-like prompt each time the API is first used per origin, developers and end users will be warned.

I think it should be up to the browser vendor exactly how this is handled - the API may even be preffed off in content DOM, only available to an "Open Webapp" or "SysApp".

Allowing it to be activated one way or another will still have value for developers working on experiments.

Cheers,

David    
Received on Tuesday, 9 October 2012 20:14:58 GMT
