[Bug 25972] Please require a secure origin from bugzilla@jessica.w3.org on 2014-06-05 (public-webcrypto@w3.org from June 2014)

From: <bugzilla@jessica.w3.org>
Date: Thu, 05 Jun 2014 01:01:47 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25972-7213-WgvhJsuE3w@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972

--- Comment #11 from Boris Zbarsky <bzbarsky@mit.edu> ---
1) I think the secure origin definitions we have right now are way too
restrictive no matter how you slice it.

2) I strongly suspect, though I have not performed exhaustive analysis to prove
this, that there are parts of the SubtleCrypto for which the secure transport
requirement is too restrictive.  I further believe that it's very hard to
define "secure transport".  Is data: a secure transport?  javascript:?  It sort
of depends... just like http:// can be sometimes, depending on various things
as you noted.

3) I think having something this basic not interoperable across UAs is a really
bad idea, so whatever it is we do here we should aim for agreement across UAs
and then actually specify that agreement, not just have them ship incompatible
things.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Thursday, 5 June 2014 01:01:49 UTC