- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 25 Sep 2014 11:11:27 +0200
- To: Ryan Sleevi <sleevi@google.com>
- CC: public-webcrypto-comments@w3.org
I did not expect Google to embrace this idea since it departs from your goals and implementation. Whatever the final solution will be I hope it doesn't become an implementation issue. I haven't been able to get a local WebCrypto-enabled system to run either due to Chrome's specific requirement on SSL certificates so I develop using Firefox and leave Chrome testing to the public site. This feels a bit strange. Anders On 2014-09-25 10:19, Ryan Sleevi wrote: > > On Sep 24, 2014 11:27 PM, "Anders Rundgren" <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote: > > > > During my work with a WebCrypto-enabled application I found that > > Firefox "Nightly" and Chrome "Canary" have different behavior. > > > > Chrome apparently requires HTTPS (presumably also with a "genuine" > > certificate) > > Presumption is not correct. > > > for executing some (?) methods like import of keys. > > All methods. > > > > > I perfectly well understand the motives but it makes *development* harder. > > IMO, it would be better to making this requirement a recommendation. > > > > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972 > > > WebCrypto won't anyway be useful for people who lack insight in applied > > cryptography, secure protocols and server hardening but that's entirely OK :-) > > > > We disagree. > > http://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-are-some-web-platform-features-only-available-in-HTTPS-page-loads- > > > Cheers, > > Anders > > >
Received on Thursday, 25 September 2014 09:12:20 UTC