- From: Ryan Sleevi <sleevi@google.com>
- Date: Tue, 30 Oct 2012 16:28:19 -0700
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
On Tue, Oct 30, 2012 at 9:57 AM, Anders Rundgren <anders.rundgren@telia.com> wrote: > http://www.w3.org/2012/webcrypto/WebCryptoAPI/#out-of-band-keys > > "...User agents may choose to expose such keys to web applications after implementing > appropriate security and privacy mitigations, such as gaining user consent or other > out-of-band authorization..." > > Every UA-maker will (have to) make their own interpretation on what is appropriate > since "appropriate" is pretty subjective. Yes. UAs do this with every single feature of the web platform - standard or experimental. They do it with every single thing you may take for granted today, and will continue to do every single day it for every single feature that has existed or will be implemented. That UAs must care about security and usability should hopefully come as no surprise. > > The "Korean use-case" is stone-dead. > > Anders > >
Received on Tuesday, 30 October 2012 23:28:47 UTC