- From: Aymeric Vitte <vitteaymeric@gmail.com>
- Date: Wed, 26 Mar 2014 01:29:25 +0100
- To: Oliver Hunt <oliver@apple.com>
- CC: Mark Watson <watsonm@netflix.com>, Ryan Sleevi <sleevi@google.com>, Richard Barnes <rlb@ipv.sx>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Kelsey Cairns <kelsey.cairns@inria.fr>
Maybe you did not read everything ("with https, a kind of artifice..."),
that's exactly what I am saying.
Regards
Aymeric
Le 25/03/2014 19:06, Oliver Hunt a écrit :
> On Mar 25, 2014, at 7:49 AM, Aymeric Vitte <vitteaymeric@gmail.com> wrote:
>
>> This thread shows that maybe someone should then ask Mozilla to change its policy.
>>
>> As explained in [1] Presentation "Why the main page is not using https", we are forced to use http to load the main page
> It doesn’t matter if you try to load subsequent code over https - the moment any content is distributed over http any subsequent secure loads are irrelevant because an attacker can already replace your content with whatever they choose. WebCrypto does not save you.
>
> —Oliver
>
--
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
Received on Wednesday, 26 March 2014 00:30:14 UTC