- From: David Dahl <ddahl@mozilla.com>
- Date: Mon, 6 Jun 2011 09:29:59 -0700 (PDT)
- To: Jarred Nicholls <jarred@sencha.com>
- Cc: public-web-security@w3.org
----- Original Message ----- From: "Jarred Nicholls" <jarred@sencha.com> To: public-web-security@w3.org Sent: Monday, June 6, 2011 6:53:15 AM Subject: Re: Request for feedback: DOMCrypt API proposal > I'm with Anders, we should flush out a well-thought user story first and see what the target use cases are (specifically WRT key management and consumption). I'm good with seeing a v1 be simplified and inherently secure by scoping its usage to same-origin 100%, and do a sibling spec later for cross-origin & device key sharing. Just a thought... I agree, keeping these concerns for interoperability is important, but a simpler starting point is a necessity. (Via comments here and elsewhere, I removed the addressbook API for this reason. I can see a web app able to provide an addressbook. A web app addressbook can maybe become a prototype for a browser API down the road.) Regards, David
Received on Monday, 6 June 2011 16:30:27 UTC