- From: <bugzilla@jessica.w3.org>
- Date: Fri, 16 May 2014 21:17:41 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721

--- Comment #8 from elijah@riseup.net ---

> Codesigning can be implemented (with weak CSP). However, code signing as a
> first class is explicitly NOT part of our charter. That remains the realm of
> WebAppSec.
> ... Look, it remains quite simple: You either trust the source of the code you
> are running, or you do not.

The point is that entirely trusting the code is not necessarily the only way js apps will be run in the future, but WebCrypto API should not undermine this now.

> If you do not trust it, they can lie to you a million different ways, or access
> your plaintext a million different ways.

Again, this argument ignores (a) the importance of past and future data, (b) that ciphertext <> plaintext is only one of many possible cryptographic functions, (c) the threats are not just in the browser (cloud services get hacked all the time) and I shouldn't be forced to give origin my keys.

> Please read http://tonyarcieri.com/whats-wrong-with-webcrypto to understand
> why the security model being argued for here is entirely broken.

Yep, WebCrypto is not going to make web crypto that much better, but always allowing extractable keys only makes it worse.
Received on Friday, 16 May 2014 21:17:42 UTC