- From: carlo von lynX <lynX@time.to.get.psyced.org>
- Date: Tue, 20 May 2014 08:43:03 +0200
- To: liberationtech <liberationtech@mailman.stanford.edu>, public-webcrypto-comments@w3.org
Thank you for a faceted browser API. When Netscape introduced LiveScript in 1995, who would have thought it would one day be employed for opportunistic end-to-end encryption and similar jobs?

I would kindly ask you to mention in the opening words that such an API can only be used in an "opportunistic" fashion, as the JS code intended to use this API itself somehow has to be delivered to the browser, which is an as yet unsolved problem considering the failures of certification authorities in the past.

There is a fundamental flaw in the security architecture of the web and this new API does not address that. Please make that clear, or you may stir false hopes and become responsible for potential consequences. People may be developing sensitive applications with this, not being aware that any certification authority of any country on earth can insert malicious code.

Best, CvL

--
http://youbroketheinternet.org
ircs://psyced.org/youbroketheinternet

Received on Tuesday, 20 May 2014 14:31:49 UTC