On 2014-09-09, 7:25 AM, Anne van Kesteren wrote:
On Tue, Sep 9, 2014 at 12:48 PM, Tim Taubert <ttaub...@mozilla.com> wrote:
Completely agree with Ehsan and Henri. I don't know of any plans to even
consider doing that and we currently expose the WebCrypto API to
unauthenticated origins as well.
Note https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972 which I
filed. I sort of assumed we wanted to align with Chromium. Either way,
if we think it should be exposed to non-TLS environments, bz could
probably use some help arguing the case.
I think Henri's analysis upthread is great.
FWIW going forward, I would expect this desire to expose more APIs only
to documents loaded over TLS to pop up over and over again. While
everyone agrees that a world with more TLS deployments is a better world
to live in, I think this is a line that we should tread carefully, and
we should be able to justify our decision on a case by case basis.
Is the non-overlap of algorithms documented on MDN?
We currently have no documentation for the WebCrypto API other than for
crypto.getRandomValues(). It should certainly be documented on MDN and
we could provide a list of algorithms we support. Not sure whether we
would want to do that for Chromium's supported algorithms as well?
I think we typically have documentation for other browsers as well,
though I don't think it's needed for an initial pass. Hopefully the
community can contribute it.
We should try to get the chromium folks contribute those docs. :-)
Cheers,
Ehsan
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform