- From: Salz, Rich <rsalz@akamai.com>
- Date: Mon, 12 May 2014 09:56:20 -0400
- To: Harry Halpin <hhalpin@w3.org>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
> Do you view these comments as "formal objection"? When do you need an answer? On the one hand, I don't want to be an ass. On the other hand, you asked for IETF review and you got it, in the form of email from Kenny and colleagues. There is no risk in incorporating the security concerns into the document; a weak mechanism is not going to suddenly "get better" it's only going to get weaker. Given that, I do not understand such strongly-expressed concern about putting such advice into the current document. I am also puzzled that nobody else on the WG has expressed any real opinion (we security types are a paranoid bunch:). As such, I am leaning toward making this a formal objection, but I will need to discuss with colleagues first. So, when do you need to know? Thanks. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rsalz@jabber.me; Twitter: RichSalz
Received on Monday, 12 May 2014 13:56:49 UTC