- From: <bugzilla@jessica.w3.org>
- Date: Wed, 22 Oct 2014 18:22:17 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972 --- Comment #17 from Mark Watson <watsonm@netflix.com> --- (In reply to Ryan Sleevi from comment #16) > > For 2, the issue is not and has never been about "promoting TLS" as an > ideological point. It's about a belief, from careful evaluation of the > security properties of this API, that there is no possible net-positive > impact of this API surface without some form of code authentication. That > is, we would have zero interest in implementing this API if it was > normatively required to be available to unauthenticated origins, because > this API would provide zero benefit to the web platform, while introducing > significant complexity for implementors. The only benefits from this API are > realized when delivered over authenticated transports to authenticated > origins. The thing is, I have explained many times in this group why the above is not true. For example, the ability to provide confidentiality against passive monitoring is a net-positive, even if confidentiality is not provided against active attackers. There are further net-positives available on a TOFU basis even in face of active attackers, as I have explained. You might not value these particular security benefits, for they are indeed modest, and that is fine. You might ague that those benefits are so modest that they should not be provided. But it is not true that there is no possible benefit. Anyway, I think the point you were being asked to address was the fact that an HTTPS restriction for WebCrypto is easy to work around with an I-Frame and indeed this is what we are doing on Chrome in the field today at some scale. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Wednesday, 22 October 2014 18:22:19 UTC