[Bug 18085] "all content using the http+aes scheme on the same host (and same port) shares the same origin and can therefore leak the keys" - unless there's a use case for supporting this, it seems more robust to make http(s)+aes never be same-origin from bugzilla@jessica.w3.org on 2012-10-22 (public-html-bugzilla@w3.org from October 2012)

From: <bugzilla@jessica.w3.org>
Date: Mon, 22 Oct 2012 07:32:45 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-18085-2486-fzCxYEF5Tm@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=18085

Michael[tm] Smith <mike@w3.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #1 from Michael[tm] Smith <mike@w3.org> ---
The http+aes scheme/feature is not part of the W3C HTML5 spec and has also been
dropped from the upstream WHATWG HTML spec.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 22 October 2012 07:32:47 UTC