On Fri, Apr 24, 2015 at 4:12 PM, mark a. foltz <mfoltz@google.com> wrote:
> Security for the messaging channel vs. the security status of the
> controlling and presenting origins is an interesting topic. We've had some
> preliminary discussions in Chrome about this, but nothing firm enough to
> propose, so I'm glad to have an opportunity to discuss this in the group.
>
> On Mon, Apr 20, 2015 at 5:13 AM, Francois Daoust <fd@w3.org> wrote:
>
>> On 2015-04-17 17:42, Matt Hammond wrote:
>> [...]
>>
>>> Note that there may be ways for a user agent to establish a secure
>>>> communication channel with a device, for instance following a similar
>>>> mechanism to that described for the Named Web Sockets proposal [3].
>>>>
>>>
>>> Thanks for the reference, I'll read it properly, but after a first
>>> glance through, my initial question would be how to keep the password
>>> secret if (presumably) it would be provided by the HTML application?
>>>
>>
>> I do not know. I was more pointing at that mechanism as food for thought
>> :)
>>
>>
>>
>>> I do not know how this could work for existing devices, though. Did I
>>>> miss something obvious? Is there a simple solution?
>>>>
>>>
>>> I'll create an issue on GitHub to track this down otherwise. This is
>>>> not specific to HbbTV.
>>>
>>>
> I will do this now.
>
Filed https://github.com/w3c/presentation-api/issues/80
m.