- From: Janusz Majnert <j.majnert@samsung.com>
- Date: Thu, 04 Apr 2013 09:20:50 +0200
- To: public-sysapps@w3.org
On 2013-04-03 22:32, Jonas Sicking wrote: > Something like a WARP based solution requires signing by a trusted > party. This has at least the following downsides > * You can't distribute your app without going through a set of > gate-keepers. And we're trying to avoid building a platform with > gate-keepers. > * Whoever does the signing can make mistakes. I.e. it's it's very hard > to find a cleverly written program that looks harmless, but that > actually steals the user's information. > > This doesn't mean that we should never rely on signing. It just means > that we should always try to find options that doesn't. I would argue that of the two solutions, faking app origin is the one that really requires signing... /Janusz
Received on Thursday, 4 April 2013 07:24:03 UTC