Re: WebCrypto Security Analysis from Ryan Sleevi on 2014-03-28 (public-webcrypto@w3.org from March 2014)

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 27 Mar 2014 17:23:16 -0700
To: Aymeric Vitte <vitteaymeric@gmail.com>
Cc: Mark Watson <watsonm@netflix.com>, Kelsey Cairns <kelsey.cairns@inria.fr>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Richard Barnes <rlb@ipv.sx>
Message-ID: <CACvaWvapxCjMt31gVDbuHuVK9QZjvh=o=HirUB-=5rxH6jrY_Q@mail.gmail.com>

Aymeric,

This discussion is not appropriate for this list.

The behavior of browsers regarding WS:// vs WSS:// over HTTP:// vs
HTTPS://is not appropriate for WebCrypto.

On Mar 27, 2014 5:17 PM, "Aymeric Vitte" <vitteaymeric@gmail.com> wrote:
>
> No, as I wrote, other lists feedback is useless.
>
> Please, answer the question.
>
> Le 28/03/2014 00:06, Richard Barnes a écrit :
>>
>> This is really not the list for this discussion.  Please take it to
webappsec if you want to continue.
>>
>>
>> On Thu, Mar 27, 2014 at 6:36 PM, Aymeric Vitte <vitteaymeric@gmail.com>
wrote:
>>>
>>>
>>> Le 27/03/2014 22:01, Ryan Sleevi a écrit :
>>>
>>>> Sure, and on Chrome, we're changing this behaviour to match Firefox
(we found multiple compatibility issues each time we tried - I'm surprised
Firefox/IE did not, but they already treat ws:// and http XHRs as active
mixed content that is blocked). Although we're far away from the topic at
hand.
>>>
>>> What do you mean? If you can not use wss then http with ws is better
than https with ws? That's not possible.
>>>
>>> Regards
>>>
>>> Aymeric
>>>
>>>
>>> --
>>> Peersm : http://www.peersm.com
>>> node-Tor : https://www.github.com/Ayms/node-Tor
>>> GitHub : https://www.github.com/Ayms
>>>
>>
>
> --
> Peersm : http://www.peersm.com
> node-Tor : https://www.github.com/Ayms/node-Tor
> GitHub : https://www.github.com/Ayms

Received on Friday, 28 March 2014 00:23:43 UTC