- From: Ryan Sleevi <sleevi@google.com>
- Date: Fri, 31 Aug 2012 12:27:28 -0700
- To: Zooko Wilcox-OHearn <zooko@leastauthority.com>
- Cc: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>, Wan-Teh Chang <wtc@google.com>, David Dahl <ddahl@mozilla.com>, Web Cryptography Working Group <public-webcrypto@w3.org>
On Mon, Aug 27, 2012 at 1:09 PM, Zooko Wilcox-OHearn <zooko@leastauthority.com> wrote: > Folks: > > I'm not sure, but I *think* requiring CSP might break some of my uses > cases. If you're going to go ahead with this notion of requiring CSP, > then I'll have to read and think about it more and try to figure out > if this would be a problem for me, and if it would then I'll have to > try to explain why. > > But, if you'll just leave it out of the spec, then I won't have to do > that, and likewise all the implementers and users of the spec will > also have one less thing to think about. :-) > > Okay, so I just ordered a copy of Zalewski's "The Tangled Web" ¹ to > help me understand this stuff better. > > But, please, as a favor to over-worked and under-educated people like > myself, could we omit things that don't have a really compelling "WE > MUST HAVE THIS NOW!" flavor to them? > > Thanks. > > Regards, > > Zooko > > ¹ http://nostarch.com/tangledweb.htm Zooko, It'd be great to know what some of the use cases are that you'd be concerned about, so that we could also give them a think over and see how CSP may negatively affect them. If you could share, that'd be great. As written, it's currently not in the spec - this was about starting the discussion, which has previously been referred to off-hand in past e-mails going back to chartering.
Received on Friday, 31 August 2012 19:27:55 UTC