Re: Web Cryptography Working Group scoping progressing...

On 4 Nov 2011, at 00:37, Brian Smith wrote:

> Henry Story wrote:
>> "API access to control of SSL/TLS logout, "
>> +1 on that one. Thanks for adding it.
> Actually, I disagree that this is the proper place for this to be standardized, since there are also non-TLS scenerios where no crypto is used but where a logout mechanism is needed (e.g. for HTTP basic auth).

Logout in TLS can be done already in Firefox and IE, with the following JavaScript

function logout(elem) {
   if (document.all == null) {
      if (window.crypto) {
              return false; //firefox ok -- no need to follow the link
          } catch (err) {//Safari, Opera, Chrome -- try with tis session breaking
      } else { //also try with session breaking
   } else { // MSIE 6+
      return false;
   return true

I suggest that the group take it on, and either specify it or help find the group that will specify it so that it can work on all browsers.

> I would prefer for the working group to focus on the crypto API.
> - Brian

Social Web Architect

Received on Friday, 4 November 2011 09:23:37 UTC