W3C home > Mailing lists > Public > public-webcrypto@w3.org > March 2014

Re: WebCrypto Security Analysis

From: Aymeric Vitte <vitteaymeric@gmail.com>
Date: Fri, 28 Mar 2014 10:53:39 +0100
Message-ID: <533546A3.8050909@gmail.com>
To: Ryan Sleevi <sleevi@google.com>
CC: Mark Watson <watsonm@netflix.com>, Kelsey Cairns <kelsey.cairns@inria.fr>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Richard Barnes <rlb@ipv.sx>
We had similar discussions on this list... Then thanks if you can tell 
me offline why Chrome has decided to change its policy.

Regards

Aymeric

Le 28/03/2014 01:23, Ryan Sleevi a écrit :
>
> Aymeric,
>
> This discussion is not appropriate for this list.
>
> The behavior of browsers regarding WS:// vs WSS:// over HTTP:// vs 
> HTTPS:// is not appropriate for WebCrypto.
>
> On Mar 27, 2014 5:17 PM, "Aymeric Vitte" <vitteaymeric@gmail.com 
> <mailto:vitteaymeric@gmail.com>> wrote:
> >
> > No, as I wrote, other lists feedback is useless.
> >
> > Please, answer the question.
> >
> > Le 28/03/2014 00:06, Richard Barnes a écrit :
> >>
> >> This is really not the list for this discussion.  Please take it to 
> webappsec if you want to continue.
> >>
> >>
> >> On Thu, Mar 27, 2014 at 6:36 PM, Aymeric Vitte 
> <vitteaymeric@gmail.com <mailto:vitteaymeric@gmail.com>> wrote:
> >>>
> >>>
> >>> Le 27/03/2014 22:01, Ryan Sleevi a écrit :
> >>>
> >>>> Sure, and on Chrome, we're changing this behaviour to match 
> Firefox (we found multiple compatibility issues each time we tried - 
> I'm surprised Firefox/IE did not, but they already treat ws:// and 
> http XHRs as active mixed content that is blocked). Although we're far 
> away from the topic at hand.
> >>>
> >>> What do you mean? If you can not use wss then http with ws is 
> better than https with ws? That's not possible.
> >>>
> >>> Regards
> >>>
> >>> Aymeric
> >>>
> >>>
> >>> --
> >>> Peersm : http://www.peersm.com
> >>> node-Tor : https://www.github.com/Ayms/node-Tor
> >>> GitHub : https://www.github.com/Ayms
> >>>
> >>
> >
> > --
> > Peersm : http://www.peersm.com
> > node-Tor : https://www.github.com/Ayms/node-Tor
> > GitHub : https://www.github.com/Ayms
>

-- 
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
Received on Friday, 28 March 2014 09:54:18 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:02:41 UTC