- From: Jeffrey Walton <noloader@gmail.com>
- Date: Wed, 29 May 2013 22:54:02 -0400
- To: Ryan Sleevi <sleevi@google.com>
- Cc: Douglas Stebila <stebila@qut.edu.au>, public-webcrypto-comments@w3.org, Harry Halpin <hhalpin@w3.org>
On Wed, May 29, 2013 at 10:37 PM, Ryan Sleevi <sleevi@google.com> wrote:
>
> ....
> Solving the "secure delivery of code" is a non-goal of this WG. Trust TLS
> (which your model, by design, does not) or use SysApps (as I earlier
> suggested) have been the two responses so far for this problem.

One does not have to solve the secure delivery problem to make the enhancements useful.

An application loaded from an organization's application store (or side loaded via a developer) does not suffer secure delivery - they provide the initial secure delivery. It's not hard to imagine a large organization with 150,000 employees using an in-house timekeeping application that takes advantage of the pre-existing relationship by pinning the time server's certificate or public key. (It can also sidestep the problems caused by the current definitions of SOP since many enterprise apps don't fetch text-based ads from a third party).

I believe App store applications represent a non-trivial portion of applications available to a user. But I've never seen statistics on purely browser-based apps versus app store apps. These app stores are going to get more popular because: (1) they are a source of revenue for the owners of the platform, and (2) they are providing vendor lock-in. So I expect to see even more apps on these app stores in the future, not fewer.

Jeff
Received on Thursday, 30 May 2013 02:54:33 UTC