- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 23 Dec 2014 11:31:23 -0800
- To: Ryan Sleevi <sleevi@google.com>
- Cc: Richard Barnes <rlb@ipv.sx>, public-webcrypto@w3.org, "public-webrtc@w3.org" <public-webrtc@w3.org>
On 23 December 2014 at 10:43, Ryan Sleevi <sleevi@google.com> wrote: > - Undoes three years of hard work to design some semblance of security > guarantees regarding what is usable and exposed. > - Introduces unnecessary ontological confusion by attempting to overlay a > high-level semantic onto the notion of keys that the WG *repeatedly* has > rejected > - attempts to redefine the charter and scope of a WG and its key deliverable Ryan, I'm seeing a lot of very strong language[1], but I'm having trouble understanding your objections. Let's see if I can try to ask some simple questions for clarity. If, as Richard proposes, you get a CryptoKey with a usage of 'webrtc', and that isn't good for anything but WebRTC, what risk does this pose to WebCrypto? What security protections in particular does this ignore or jeopardize? --Martin [1] Frankly, I'm shocked that you think this tone is acceptable.
Received on Tuesday, 23 December 2014 19:31:50 UTC