- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 31 Mar 2014 17:43:20 +0200
- To: sysapps <public-sysapps@w3.org>
I have some questions regarding the current draft. It seems that the Raw Socket API can only be used by "trusted applications". I don't know exactly what that is, or more specifically: who is the trusting party? Personally, I have limited faith in end-users' decisions to install trusted applications. If this specification rather (implicitly?) relies of pre-installed trusted applications, it get pretty fuzzy since even if the application is trusted it doesn't automatically mean that you are welcome with your UPD or TCP requests everywhere. If the sample application UPnP does not in itself presume trusted connects, I do not really see why the callers need to be trusted either. For requests that actually needs to be trusted, DTLS and TLS using CCA (Client Certificate Authentication) ought to be a more scalable solution than using trusted applications. Pardon me if I have gotten it all wrong, I just skimmed through the draft! thanx, Anders
Received on Monday, 31 March 2014 15:43:51 UTC