- From: Mike West <mkwst@google.com>
- Date: Fri, 15 Jul 2016 21:06:32 +0200
- To: Harry Halpin <hhalpin@w3.org>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CAKXHy=fCCtbAxAunFE-eu8DdK9HicRWSg-2=6a-VhCo1Uueokg@mail.gmail.com>
+Brad and Wendy, who have opinions.

On Thu, Jul 14, 2016 at 4:35 PM, Harry Halpin <hhalpin@w3.org> wrote:

> We're thinking of adding a sentence saying that secure origins should be
> required for the use of WebCrypto.
>
> In detail, we'd like to follow the definition of a secure context given
> here [1], although since that document is still an editor's draft so we
> will instead say that the "The top-level browsing context should be
> secure when using the WebCrypto API."
>

I recommend against creating a one-off mechanism; the secure contexts spec is pretty far along, and I don't believe it will block your progress. I asked for a TAG review a little while ago (https://github.com/w3ctag/spec-reviews/issues/124), and got positive feedback along with a number of small issues to fix. I made quite a bit of progress on them today, and expect to be ready to issue a CfC to move to CR ~next week.

> Since all browsers support WebCrypto using TLS, this should not change
> the test-suite or conformance requirements. As long as browsers enable
> the usage of WebCrypto in TLS, we will not consider them non-conformant
> if they offer the usage of WebCrypto outside TLS. However, given it is
> not best practice, this note will at least inform developers to use TLS
> properly when using WebCrypto, as otherwise (as we've seen), some
> developers may believe enabling WebCrypto without TLS may give them
> security properties it indeed does not.
>

I would suggest that one way to prevent the mismatch between developer expectation and actual guarantee is to enforce restrictions that uphold the latter.

-mike

Received on Friday, 15 July 2016 19:07:21 UTC