- From: Boris Zbarsky <bzbarsky@mit.edu>
- Date: Tue, 18 Nov 2014 22:40:06 -0500
- To: public-webapps@w3.org
On 11/18/14, 10:26 PM, Michaela Merz wrote: > First: We need signed script code. For what it's worth, Gecko supported this for a while. See <http://www-archive.mozilla.org/projects/security/components/signed-scripts.html>. In practice, people didn't really use it, and it made the security model a _lot_ more complicated and hard to reason about, so the feature was dropped. It would be good to understand how proposals along these lines differ from what's already been tried and failed. -Boris
Received on Wednesday, 19 November 2014 03:40:35 UTC