- From: Zooko Wilcox-OHearn <zooko@leastauthority.com>
- Date: Mon, 27 Aug 2012 14:09:09 -0600
- To: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
- Cc: Ryan Sleevi <sleevi@google.com>, Wan-Teh Chang <wtc@google.com>, David Dahl <ddahl@mozilla.com>, Web Cryptography Working Group <public-webcrypto@w3.org>
Folks: I'm not sure, but I *think* requiring CSP might break some of my uses cases. If you're going to go ahead with this notion of requiring CSP, then I'll have to read and think about it more and try to figure out if this would be a problem for me, and if it would then I'll have to try to explain why. But, if you'll just leave it out of the spec, then I won't have to do that, and likewise all the implementers and users of the spec will also have one less thing to think about. :-) Okay, so I just ordered a copy of Zalewski's "The Tangled Web" ¹ to help me understand this stuff better. But, please, as a favor to over-worked and under-educated people like myself, could we omit things that don't have a really compelling "WE MUST HAVE THIS NOW!" flavor to them? Thanks. Regards, Zooko ¹ http://nostarch.com/tangledweb.htm
Received on Monday, 27 August 2012 20:09:37 UTC