Re: Secure context requirement? from Mark Watson on 2016-04-22 (public-webcrypto@w3.org from April 2016)

From: Mark Watson <watsonm@netflix.com>
Date: Fri, 22 Apr 2016 11:50:02 -0700
To: Charles Engelke <w3c@engelke.com>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CAEnTvdDO5_ef7wO6RGnmO20EigX2ir7tQ1jes7XE6sBYom-Xug@mail.gmail.com>

IIRC, it was never agreed in the Working Group that WebCrypto must be
restricted to secure contexts. Chrome have chosen to do so, but I believe
this restriction does not apply in other browsers.

...Mark

On Fri, Apr 22, 2016 at 11:39 AM, Charles Engelke <w3c@engelke.com> wrote:

> I know that the intention is to require a secure context for using the
> Web Cryptography API, and browsers currently do that, but is that
> written into the spec? I couldn't find it (but maybe I was looking for
> the wrong wording).
>
> I'm writing tests for key generation, and right now I'm just checking
> for a secure context and skipping all the tests if I'm not in one. But
> perhaps I should explicitly check that the API won't run in such a
> context. If so, is there a rule for what kind of exception should be
> thrown by the browser?
>
> Charlie
>
>

Received on Friday, 22 April 2016 18:50:31 UTC