- From: Tobie Langel <tobie@w3.org>
- Date: Fri, 18 Oct 2013 10:04:03 +0200
- To: Dominique Hazael-Massieux <dom@w3.org>
- Cc: Bruce Lawson <bruce@brucelawson.co.uk>, public-web-mobile@w3.org
On Friday, October 18, 2013 at 9:51 AM, Dominique Hazael-Massieux wrote:

> On Thursday, 17 October 2013 at 13:03 +0100, Bruce Lawson wrote:
> > > * difficulty to hide the code of the app (and thus greater exposure to
> > > attacks)
> >
> > Hiding source code feels like a mistake to me. It's literally security
> > through obscurity, so shouldn't be encouraged at all
>
> I think there are 3 things people mean by "hiding the code":
> * they don't want others to steal their code; people often qualify this
> as meaning the Web forces you to do open source (although that's a
> mischaracterization of what open source is)
> * they don't want to make it easy for others to find holes in their code
> * it's nearly impossible to embed a secret (e.g. a key) in the
> client-side part of the code

1. is already handled by copyright laws and patents,
2. is a known bad practice and shouldn't be encouraged,
3. is (or should be) in scope of the WebCrypto WG.

So as Dom said, 1 and 2 require education and 3 driving this as a priority in the WebCrypto WG.

Best,

--tobie

Received on Friday, 18 October 2013 08:03:01 UTC