On Fri, Apr 24, 2015 at 4:12 PM, mark a. foltz <mfoltz@google.com> wrote: > Security for the messaging channel vs. the security status of the > controlling and presenting origins is an interesting topic. We've had some > preliminary discussions in Chrome about this, but nothing firm enough to > propose, so I'm glad to have an opportunity to discuss this in the group. > > On Mon, Apr 20, 2015 at 5:13 AM, Francois Daoust <fd@w3.org> wrote: > >> On 2015-04-17 17:42, Matt Hammond wrote: >> [...] >> >>> Note that there may be ways for a user agent to establish a secure >>>> communication channel with a device, for instance following a similar >>>> mechanism to that described for the Named Web Sockets proposal [3]. >>>> >>> >>> Thanks for the reference, I'll read it properly, but after a first >>> glance through, my initial question would be how to keep the password >>> secret if (presumably) it would be provided by the HTML application? >>> >> >> I do not know. I was more pointing at that mechanism as food for thought >> :) >> >> >> >>> I do not know how this could work for existing devices, though. Did I >>>> miss something obvious? Is there a simple solution? >>>> >>> >>> I'll create an issue on GitHub to track this down otherwise. This is >>>> not specific to HbbTV. >>> >>> > I will do this now. > Filed https://github.com/w3c/presentation-api/issues/80 m.
Received on Friday, 24 April 2015 23:20:36 UTC