W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2014

[Bug 25721] extractable keys should be disabled by default

From: <bugzilla@jessica.w3.org>
Date: Mon, 28 Jul 2014 18:50:46 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25721-7213-4tNDLJrV49@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721

--- Comment #19 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Harry Halpin from comment #18)
> Quick note Elijah and any others interested in this bug,
> 
> Per Virginie's comment, if we formally bring this larger issue up with the
> Web Security Model up to the WebAppSec (Web Application Security Model) WG,
> would that satisfy the reviewer?
> 

Harry,

For the sake of the members of the WG, I don't see that in Virginie's comment,
so could you please provide an example of what issue you believe should be
brought to WebAppSec? Virginie's response correctly identified that UI is out
of scope, and I'm not sure what you would want from WebAppSec to provide, other
than "Yes, this is how the Internet works, ergo this is not a valid threat
model".

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Monday, 28 July 2014 18:50:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:23 UTC