- From: Aymeric Vitte <vitteaymeric@gmail.com>
- Date: Mon, 13 May 2013 23:01:43 +0200
- To: Ryan Sleevi <sleevi@google.com>
- CC: Arun Ranganathan <arun@mozilla.com>, Anders Rundgren <anders.rundgren@telia.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Le 13/05/2013 22:43, Ryan Sleevi a écrit : >>> >>Any client-side storage mechanism can be invoked by colluding origins for >>> >>different purposes, but the difference is that you don't get HTTP behavior >>> >>or XHR in withCredentials mode (but you knew that). If they aren't in >>> >>collusion, then it's likely to be a hack. >> > >> > >> >In another email, you wrote "2. The key can be shared with origin 2 via >> >cross-origin messaging." >> >(http://lists.w3.org/Archives/Public/public-webcrypto/2013May/0036.html), I >> >don't see how CORS could apply here, withCredentials or not, CORS is only >> >about sending/receiving things to/from other origins and sharing some >> >stringyfiable things or cookies uses, you can not share keys, the best you >> >can do is to send some information to allow another origin to find the keys. >> > >> >Maybe I am missing something but what is the idea here? > Cross-origin messaging != CORS > > Cross-origin messaging = postMessage, which takes structured clonable > objects (eg: including keys) > Yes, that's exactly my other examples, just misread and mixed it following Arun's answer about XHR and recurrent mentions to CORS in this discussion. Regards, -- jCore Email : avitte@jcore.fr iAnonym : http://www.ianonym.com node-Tor : https://www.github.com/Ayms/node-Tor GitHub : https://www.github.com/Ayms Web : www.jcore.fr Webble : www.webble.it Extract Widget Mobile : www.extractwidget.com BlimpMe! : www.blimpme.com
Received on Monday, 13 May 2013 20:59:36 UTC