On Thu, Sep 11, 2014 at 6:56 PM, Richard Barnes rbar...@mozilla.com wrote:
No, WebCrypto on an http:// origin is not a replacement for TLS.
Addressing confusion on this point seems to be the main driver of
Chrome's restriction of Web Crypto to authenticated origins. Is there
any way to quantify
On Thu, Sep 11, 2014 at 6:58 PM, Adam Roach a...@mozilla.com wrote:
When you force people into an all or nothing situation regarding
security,
Nature finds his own way: As nothing was invented for doing Javscript
Cryptography, someone started using Java Applets. Java applets are much
more
On 11.09.2014 19:04, Anne van Kesteren wrote:
On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson m...@mozilla.com wrote:
On 2014-09-11, at 00:56, Anne van Kesteren ann...@annevk.nl wrote:
Are we actually partitioning permissions per top-level browsing
context or could they already accomplish this
On Fri, Sep 12, 2014 at 12:39 PM, Frederik Braun fbr...@mozilla.com wrote:
On 11.09.2014 19:04, Anne van Kesteren wrote:
On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson m...@mozilla.com wrote:
On 2014-09-11, at 00:56, Anne van Kesteren ann...@annevk.nl wrote:
Are we actually partitioning
On 12.09.2014 11:51, Henri Sivonen wrote:
On Fri, Sep 12, 2014 at 12:39 PM, Frederik Braun fbr...@mozilla.com wrote:
On 11.09.2014 19:04, Anne van Kesteren wrote:
On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson m...@mozilla.com wrote:
On 2014-09-11, at 00:56, Anne van Kesteren ann...@annevk.nl
Hi Jonas,
That’s a good point.
I agree with you that we should only expose this to certified or
privileged apps.
Thanks and regards,
Kershaw
於 2014/9/12 上午1:22,Jonas Sicking jo...@sicking.cc 寫道:
Hi Kershaw,
Has there been any discussions with other browser vendors about this
API? Or is there
On Fri, Sep 12, 2014 at 11:56 AM, Frederik Braun fbr...@mozilla.com wrote:
Yes and no. I identified this while working on a thesis on the Same
Origin Policy in 2012 and filed this only for Geolocation in bug
https://bugzilla.mozilla.org/show_bug.cgi?id=812147.
But the general solution might
On 12.09.2014 12:22, Anne van Kesteren wrote:
On Fri, Sep 12, 2014 at 11:56 AM, Frederik Braun fbr...@mozilla.com wrote:
Yes and no. I identified this while working on a thesis on the Same
Origin Policy in 2012 and filed this only for Geolocation in bug
On Fri, Sep 12, 2014 at 1:55 AM, Henri Sivonen hsivo...@hsivonen.fi wrote:
tion to https
that obtaining, provisioning and replacing certificates is too
expensive.
Related concepts are at the core of why I'm going to give Opportunistic
Security a try with http/2. The issues you cite are real
On Fri, Sep 12, 2014 at 08:55:51AM +0300, Henri Sivonen wrote:
On Thu, Sep 11, 2014 at 9:00 PM, Richard Barnes rbar...@mozilla.com wrote:
On Sep 11, 2014, at 9:08 AM, Anne van Kesteren ann...@annevk.nl wrote:
On Thu, Sep 11, 2014 at 5:56 PM, Richard Barnes rbar...@mozilla.com
wrote:
On 2014-09-11, at 22:55, Henri Sivonen hsivo...@hsivonen.fi wrote:
Moreover, https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-00
has the performance overhead of TLS, so it doesn't really address the
TLS takes too much compute power objection to https, which is the
usual
On 10/09/14 19:32, Aryeh Gregor wrote:
On Tue, Sep 9, 2014 at 3:44 PM, James Graham ja...@hoppipolla.co.uk wrote:
Yes, I agree too. One option I had considered was making a suite
web-platform-tests-mozilla for things that we can't push upstream e.g.
because the APIs aren't (yet) undergoing
On 2014-09-12, 6:22 AM, Anne van Kesteren wrote:
On Fri, Sep 12, 2014 at 11:56 AM, Frederik Braun fbr...@mozilla.com wrote:
Yes and no. I identified this while working on a thesis on the Same
Origin Policy in 2012 and filed this only for Geolocation in bug
On Thu, Sep 11, 2014 at 7:02 PM, Jonas Sicking jo...@sicking.cc wrote:
On Thu, Sep 11, 2014 at 3:21 PM, Ehsan Akhgari ehsan.akhg...@gmail.com
wrote:
On 2014-09-11, 5:54 PM, smaug wrote:
If we just needs new coordinates, couldn't we extend the existing event
interfaces with some new
On Fri, Sep 12, 2014 at 11:44 AM, Ehsan Akhgari ehsan.akhg...@gmail.com wrote:
If we rewrite I think it would be good to take top-level browsing
context partitioning under consideration. That is, if I navigate to
https://example/ and grant it the ability to do X. And then navigate
to
On Fri, Sep 12, 2014 at 6:06 PM, Martin Thomson m...@mozilla.com wrote:
And the restrictions on the Referer header field also mean that some
resources can’t be served over HTTPS (their URL shortener is apparently the
last hold-out for http:// at Twitter).
That is something that we should
On 12/09/14 13:37, Anne van Kesteren wrote:
That is something that we should have fixed a long time ago. It's
called meta name=referrer and is these days also part of CSP.
I'll forward that on to those involved. Thanks.
___
dev-platform mailing list
On Fri, Sep 12, 2014 at 8:44 PM, Ehsan Akhgari ehsan.akhg...@gmail.com wrote:
The permission manager itself is unaware of browsing contexts, it is the
consumer which decides how to query it.
But shouldn't it be aware of this so you can adequately scope the
permission? E.g. I could grant
On 12/09/14 13:59, Anne van Kesteren wrote:
But shouldn't it be aware of this so you can adequately scope the
permission? E.g. I could granthttps://amazingmaps.example/ when
embedded throughhttps://okaystore.invalid/ permission to use my
location. But it would not be given out if it were
On 9/12/14 10:07, Trevor Saunders wrote:
[W]hen it comes to the NSA we're pretty much just not going to be able
to force everyone to use something strong enough they can't beat it.
Not to get too far off onto this sidebar, but you may find the following
illuminating; not just for potentially
20 matches
Mail list logo