- From: <bugzilla@jessica.w3.org>
- Date: Mon, 28 Jul 2014 20:01:21 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721 --- Comment #22 from Harry Halpin <hhalpin@w3.org> --- (In reply to Ryan Sleevi from comment #19) > (In reply to Harry Halpin from comment #18) > > Quick note Elijah and any others interested in this bug, > > > > Per Virginie's comment, if we formally bring this larger issue up with the > > Web Security Model up to the WebAppSec (Web Application Security Model) WG, > > would that satisfy the reviewer? > > > > Harry, > > For the sake of the members of the WG, I don't see that in Virginie's > comment, so could you please provide an example of what issue you believe > should be brought to WebAppSec? Virginie's response correctly identified > that UI is out of scope, and I'm not sure what you would want from WebAppSec > to provide, other than "Yes, this is how the Internet works, ergo this is > not a valid threat model". Virginie noted it was out of scope for WebCrypto but you noticed that the issue is more suitable for discussion in WebAppSec (https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721#c11). Thus, the issue is something valid for discussion and possible future work. However, you already noted that is not how the Web itself is designed right now, as shown by the current design of the Web Crypto API. > (In reply to Harry Halpin from comment #18) > > Quick note Elijah and any others interested in this bug, > > > > Per Virginie's comment, if we formally bring this larger issue up with the > > Web Security Model up to the WebAppSec (Web Application Security Model) WG, > > would that satisfy the reviewer? > > > > Harry, > > For the sake of the members of the WG, I don't see that in Virginie's > comment, so could you please provide an example of what issue you believe > should be brought to WebAppSec? Virginie's response correctly identified > that UI is out of scope, and I'm not sure what you would want from WebAppSec > to provide, other than "Yes, this is how the Internet works, ergo this is > not a valid threat model". -- You are receiving this mail because: You are on the CC list for the bug.
Received on Monday, 28 July 2014 20:01:23 UTC