- From: Janusz Majnert <j.majnert@samsung.com>
- Date: Tue, 15 Jan 2013 09:39:15 +0100
- To: public-sysapps@w3.org
Hi John, Ryan, all, First, please note that using https for delivery of an app is not the only way of ensuring its integrity. I don't think https has any added value if an application package is for example signed or doesn't access any security or privacy relevant APIs. Second, requiring https doesn't really mean anything. If we insist on having it in the standard, shouldn't we also require that the source of the package is trusted (by the user, device owner?) or mandate OCSP and CRL checks for the certificates? Best regards, Janusz Majnert Samsung Electronics Poland
Received on Tuesday, 15 January 2013 08:40:00 UTC