- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 3 May 2016 22:43:36 +0200
- To: "public-web-security@w3.org" <public-web-security@w3.org>
- Cc: Anne van Kesteren <annevk@annevk.nl>, Richard Barnes <rbarnes@mozilla.com>, Marcos Caceres <mcaceres@mozilla.com>, Mike West <mkwst@google.com>
This is weird. All Mozilla folks I have been in contact with (=many) have rejected Native Messaging but now they are doing it anyway: https://wiki.mozilla.org/WebExtensions/Native_Messaging Personally I don't see the purpose with behind-the-curtain sub-standards. The TAG and WebAppSec folks have had ample of time discussing this topic including a concrete proposal: https://lists.w3.org/Archives/Public/public-web-security/2015Apr/0012.html A security review of Google's take on Native Messaging: https://lists.w3.org/Archives/Public/public-webappsec/2015Oct/0071.html Anyway, it was a bit reassuring seeing that my assertion that native messaging is inevitable turned out to be correct :-) I'm pretty sure that my analysis of the Web Payment API (=total failure) unfortunately will prove to hold as well. Anders
Received on Tuesday, 3 May 2016 20:44:23 UTC