- From: <bugzilla@jessica.w3.org>
- Date: Mon, 07 Apr 2014 17:30:39 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25271 --- Comment #4 from Joe Steele <steele@adobe.com> --- (In reply to David Dorwin from comment #3) > In addition to security/privacy, the goal is also to have consistent > behavior. If some implementations leak keys and others don't, applications > built for the former might not work with the latter. > > Is your concern keys in hardware or provisioned keys? If so, those keys > don't belong to a key session, so this text would not apply. I disagree that provisioned keys are part of a key session, as I mentioned in another thread. Putting that aside, if those key types should not be covered by this text, then the text should be be more specific about the types of keys it covers. For example: "An application in one origin should not be able to detect the existence of _content_ keys in another origin via timing." -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Monday, 7 April 2014 17:30:41 UTC