[Bug 16248] New: "all content using the http+aes scheme on the same host (and same port) shares the same origin and can therefore leak the keys" - unless there's a use case for supporting this, it seems more robust to make http(s)+aes never be same-origin

https://www.w3.org/Bugs/Public/show_bug.cgi?id=16248

           Summary: "all content using the http+aes scheme on the same
                    host (and same port) shares the same origin and can
                    therefore leak the keys" - unless there's a use case
                    for supporting this, it seems more robust to make
                    http(s)+aes never be same-origin
           Product: HTML WG
           Version: unspecified
          Platform: Other
               URL: http://www.whatwg.org/specs/web-apps/current-work/#http+aes-scheme
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: other Hixie drafts (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: contributor@whatwg.org
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, simonp@opera.com


Specification:
http://www.whatwg.org/specs/web-apps/current-work/multipage/iana.html
Multipage: http://www.whatwg.org/C#http+aes-scheme
Complete: http://www.whatwg.org/c#http+aes-scheme

Comment:
"all content using the http+aes scheme on the same host (and same port) shares
the same origin and can therefore leak the keys" - unless there's a use case
for supporting this, it seems more robust to make http(s)+aes never be
same-origin

Posted from: 88.131.66.80 by simonp@opera.com
User agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.7.2; U; en)
Presto/2.10.229 Version/11.61


Received on Wednesday, 7 March 2012 08:49:07 UTC