- From: <mcaceres@mozilla.com>
- Date: Wed, 4 May 2016 08:54:13 +1000
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>, Anne van Kesteren <annevk@annevk.nl>, Richard Barnes <rbarnes@mozilla.com>, Mike West <mkwst@google.com>
> On 4 May 2016, at 6:43 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > > This is weird. > All Mozilla folks I have been in contact with (=many) have rejected Native Messaging but now they are doing it anyway: > https://wiki.mozilla.org/WebExtensions/Native_Messaging Web extensions are browser extensions and not part of the web. > > Personally I don't see the purpose with behind-the-curtain sub-standards. It's not. Those APIs don't show up in browser content. > > The TAG and WebAppSec folks have had ample of time discussing this topic including a concrete proposal: > https://lists.w3.org/Archives/Public/public-web-security/2015Apr/0012.html > > A security review of Google's take on Native Messaging: > https://lists.w3.org/Archives/Public/public-webappsec/2015Oct/0071.html > > Anyway, it was a bit reassuring seeing that my assertion that native messaging is inevitable turned out to be correct :-) > I'm pretty sure that my analysis of the Web Payment API (=total failure) unfortunately will prove to hold as well. > > Anders > >
Received on Tuesday, 3 May 2016 22:54:46 UTC