- From: Sainan <notifications@github.com>
- Date: Sun, 13 Oct 2024 11:54:34 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Sunday, 13 October 2024 18:54:38 UTC
Not that it really matters now that this feature is already well-established, but as a netizen, I am disappointed that this feature is limited to "secure contexts." I do understand that cryptographic primitives like key generation should not be available in insecure contexts to avoid developers assuming something is secure when a MITM attack could compromise their app. However, I don't think this justification applies to `crypto.generateUUID()` as it is pretty basic primitive function that, if it were cryptographically unsound, would realistically not have any adverse effects. Making this function unavailable for arbitrary reasons just gives the (insecure) web a smaller standard library — and the web is already bad enough without such sabotage. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/623#issuecomment-2409085695 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/623/2409085695@github.com>
Received on Sunday, 13 October 2024 18:54:38 UTC