- From: Ryan Sleevi <sleevi@google.com>
- Date: Tue, 9 Oct 2012 13:05:04 -0700
- To: David Rogers <david.rogers@copperhorses.com>
- Cc: ddahl@mozilla.com, public-webcrypto@w3.org, hhalpin@w3.org
Hi David, Could you please explain your concerns, so that we can evaluate if and how they should be addressed? It remains completely opaque to me how simply adding a cryptographic API (saying nothing about the key storage) presents a risk to millions of users, innocent or not. On Tue, Oct 9, 2012 at 12:34 PM, David Rogers <david.rogers@copperhorses.com> wrote: > Hi David, > > I have severe reservations about this and I think you are risking the > credibility of this entire community by implementing it in this way, not > least by putting millions of innocent users at risk. > > Thanks, > > > David. > > > Sent from Mobile > > David Dahl <ddahl@mozilla.com> wrote: > > > ----- Original Message ----- >> From: "David Rogers" <david.rogers@copperhorses.com> >> To: ddahl@mozilla.com, sleevi@google.com >> Cc: public-webcrypto@w3.org, hhalpin@w3.org >> Sent: Tuesday, October 9, 2012 12:25:23 PM >> Subject: Re: Was: Draft Blog Post on Cryptography API, Now: Potential API >> recommendation caveats >> >> Hi David, >> >> I haven't been able to keep up with all the discussion, but is this a >> serious proposal to deploy an experimental crypto api in a >> production build? Apologies if I have missed something, but if >> people want to experiment that is fine, but don't do it in a shipped >> product, it doesn't make sense and will inevitably lead to security >> issues? > > Yes, of course, people will still use this API unsafely, however, if the > spec has security considerations that warn developers about using this API > in content DOM as dangerous and browser vendors raise warnings upon use, and > even (as horrible as this sounds) a geolocation-like prompt each time the > API is first used per origin, developers and endusers will be warned. > > I think it should be up to the browser vendor exactly how this is handled - > the API may even be preffed off in content DOM, only available to an "Open > Webapp" or "SysApp". > > Allowing it to be activated one way or another will still have value for > developers working on experiments. > > Cheers, > > David
Received on Tuesday, 9 October 2012 20:05:32 UTC