[webauthn] Secure context should be MUST not SHOULD from Vijay Bharadwaj via GitHub on 2016-07-20 (public-webauthn@w3.org from July 2016)

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Wed, 20 Jul 2016 06:14:28 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-166503457-1468995267-sysbot+gh@w3.org>

vijaybh has just created a new issue for 
https://github.com/w3c/webauthn:

== Secure context should be MUST not SHOULD ==
WebAuthn depends on origin isolation to provide privacy protection for
 the user. Also, if origins can be spoofed, then MITM attacks become 
possible. Currently the spec says secure contexts SHOULD be required. 
We SHOULD really upgrade this to a MUST...

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/146 using your GitHub account

Received on Wednesday, 20 July 2016 06:14:39 UTC