- From: Nadim Kobeissi <nadim@nadim.cc>
- Date: Tue, 12 Jun 2012 15:49:46 -0400
- To: public-webcrypto@w3.org
Hi everyone, I believe that since we're trying to implement crypto primitives that web applications will call through served code, we should also address whether HTTPS/SSL is a good enough transport on which we can rely for those calls to be served securely. There have been many high-profile cases over the past year (Comodo, VeriSign, to name a few) that have cast the HTTPS certificate authority system in an unfavorable light. Can we agree on whether HTTPS is sufficient to be used jointly with our W3Crypto framework, or whether we need to improve it before we can rely on it as our transport? It is my opinion that the security of the transport transport is just as valuable as that of our API, and that this merits a discussion at least. It might be out of the scope of what we're hoping to accomplish here, though, and that's understandable. Thanks, NK
Received on Tuesday, 12 June 2012 19:50:22 UTC