- From: <bugzilla@jessica.w3.org>
- Date: Wed, 04 Jun 2014 21:12:22 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972

--- Comment #6 from Boris Zbarsky <bzbarsky@mit.edu> ---

> There are zero mandatory algorithms.

I think that's a problem!

> There is no way to build a secure system on an insecure transport.

I've seen you object to people making the same argument about some of the algorithms the spec defines.

I don't see why a webpage that's served over http shouldn't be allowed to verify signatures or compute hashes, frankly, even if we buy the argument that it shouldn't be allowed to do encryption/decryption (which I'm not sure I do).

Fundamentally, it seems like you have some set of use cases (Netflix's?) in mind but don't care about things that aren't in that set. Or something. I really can't tell what's behind this drive to disable this API except in some Google-specific set of cases.

--
You are receiving this mail because:
You are on the CC list for the bug.
Received on Wednesday, 4 June 2014 21:12:24 UTC