- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 26 Sep 2014 21:44:18 +0200
- To: Eric Roman <ericroman@google.com>
- CC: Ryan Sleevi <sleevi@google.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
- Message-ID: <5425C212.6020003@gmail.com>
On 2014-09-26 21:30, Eric Roman wrote: > In Chrome http://localhost/ is considered a secure origin and has access to webcrypto. Perhaps this will suffice for your development purposes? > > If the server you are testing doesn't run on localhost, you could either point the HOSTS at it, or do the same thing in Chrome with a command line flag like --host-resolver-rules="MAP localhost www.myserver.com <http://www.myserver.com>" Thanx Eric, I very much appreciate your tips which certainly apply to some of the stuff I'm doing with WebCrypto. I hope that the differences between different browsers will eventually be smaller. Cheers Anders > > On Thu, Sep 25, 2014 at 2:11 AM, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote: > > I did not expect Google to embrace this idea since it departs from your > goals and implementation. > > Whatever the final solution will be I hope it doesn't become an implementation issue. > > I haven't been able to get a local WebCrypto-enabled system to run either due to Chrome's > specific requirement on SSL certificates so I develop using Firefox and leave Chrome > testing to the public site. This feels a bit strange. > > Anders > > On 2014-09-25 10:19, Ryan Sleevi wrote: > > > On Sep 24, 2014 11:27 PM, "Anders Rundgren" <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com> <mailto:anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>>> wrote: > > > > During my work with a WebCrypto-enabled application I found that > > Firefox "Nightly" and Chrome "Canary" have different behavior. > > > > Chrome apparently requires HTTPS (presumably also with a "genuine" > > certificate) > > Presumption is not correct. > > > for executing some (?) methods like import of keys. > > All methods. > > > > > I perfectly well understand the motives but it makes *development* harder. > > IMO, it would be better to making this requirement a recommendation. > > > > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972 > > > WebCrypto won't anyway be useful for people who lack insight in applied > > cryptography, secure protocols and server hardening but that's entirely OK :-) > > > > We disagree. > > http://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-are-some-web-platform-features-only-available-in-HTTPS-page-loads- > > > Cheers, > > Anders > > > > > >
Received on Friday, 26 September 2014 19:45:13 UTC