- From: <bugzilla@jessica.w3.org>
- Date: Wed, 30 Apr 2014 05:19:27 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25385 --- Comment #6 from GEXIN1984@GMAIL.COM --- (In reply to Mark Watson from comment #3) > I agree with David. Suggest WONTFIX. > > If a site uses HTTPS, the key can be delivered to the client JS in a way > that is secure against an active MITM attack. The difficulty for the user to > obtain the key is about the same for this case as for the proposed use of > WebCrypto. I can't agree with you. HTTPS can protect the key against MITM attack. But the user can easily get key by reading JS source code. This is the bug I raised. I want to propose a method to solve the bug, but HTTPS cannot. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Wednesday, 30 April 2014 05:19:28 UTC