- From: <bugzilla@jessica.w3.org>
- Date: Mon, 28 Jul 2014 19:21:09 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721

--- Comment #20 from Tom Lowenthal <me@tomlowenthal.com> ---

Virgin's suggestion that UI is out of scope removes one possible mitigation of the issue, not the issue itself. A review by WebAppSec might well be useful in finding a more agreeable solution.

I remain in substantial objection to extractable keys as described. They seem grossly incompatible with the goal of implementing secure application protocols on the level of web applications. Not least of which precisely *because* of risks such as XSS and the code delivery problem of which we are all aware.

As it stands, the spec doesn't seem on track to implement a solution which will be actually useful at achieving the first goal specified in the WG's charter. I hope to find a solution which will allow developers to implement trustworthy applications.

--
You are receiving this mail because:
You are on the CC list for the bug.
Received on Monday, 28 July 2014 19:21:11 UTC