Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] W3C WebCrypto Last Call for Comments *today*

carlo von lynX lynX at
Mon May 19 23:43:03 PDT 2014

Thank you for a faceted browser API.

When Netscape introduced livescript in 1995, who would
have thought it would have one day be employed for
opportunistic end-to-end encryption and similar jobs.

I would kindly ask you to mention in the opening words
that such an API can only be used in an "opportunistic"
fashion as the JS code intended to use this API itself
somehow has to be delivered to the browser, which is an
as yet unsolved problem considering the failures of
certification authorities in the past.

There is a fundamental flaw in the security architecture
of the web and this new API does not address that.

Please make that clear, or you may stir false hopes and
become responsible for potential consequences. People may
be developing sensitive applications with this, not being
aware that any certification authority of any country on
earth can insert malicious code.

Best,  CvL


More information about the liberationtech mailing list