Re: WebCrypto Security Analysis from Richard Barnes on 2014-03-27 (public-webcrypto@w3.org from March 2014)

From: Richard Barnes <rlb@ipv.sx>
Date: Thu, 27 Mar 2014 19:06:29 -0400
To: Aymeric Vitte <vitteaymeric@gmail.com>
Cc: Ryan Sleevi <sleevi@google.com>, Mark Watson <watsonm@netflix.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Kelsey Cairns <kelsey.cairns@inria.fr>
Message-ID: <CAL02cgR35UpcQy_bOrzZT+iV67tYaJqbSb1d-afKxAaSLeCd8Q@mail.gmail.com>

This is really not the list for this discussion.  Please take it to
webappsec if you want to continue.


On Thu, Mar 27, 2014 at 6:36 PM, Aymeric Vitte <vitteaymeric@gmail.com>wrote:

>
> Le 27/03/2014 22:01, Ryan Sleevi a écrit :
>
>  Sure, and on Chrome, we're changing this behaviour to match Firefox (we
>> found multiple compatibility issues each time we tried - I'm surprised
>> Firefox/IE did not, but they already treat ws:// and http XHRs as active
>> mixed content that is blocked). Although we're far away from the topic at
>> hand.
>>
> What do you mean? If you can not use wss then http with ws is better than
> https with ws? That's not possible.
>
> Regards
>
> Aymeric
>
>
> --
> Peersm : http://www.peersm.com
> node-Tor : https://www.github.com/Ayms/node-Tor
> GitHub : https://www.github.com/Ayms
>
>

Received on Thursday, 27 March 2014 23:06:58 UTC