- From: Jeffrey Walton <noloader@gmail.com>
- Date: Wed, 31 Jul 2013 02:11:43 -0400
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
On Wed, Jul 31, 2013 at 1:56 AM, Anders Rundgren <anders.rundgren@telia.com> wrote: > http://www.whatwg.org/specs/web-apps/current-work/multipage/web-messaging.html#web-messaging > > It seems that it could be useful for a receiver to get the TLS certificate of the calling party. > Then it could do whatever validation it wants, including sending it to a trusted party. Their HTTP example adds no security. It might even give folks a flase sense of security. It would be nice to see their HTTPS example, and what precisely they are validating. If its simply the domain or URL, then its no better than HTTP. Burp Proxy for the win? Jeff
Received on Wednesday, 31 July 2013 06:12:10 UTC