On Tue, Sep 22, 2015 at 11:16 PM, Eric Rescorla <e...@rtfm.com> wrote: >> The api has been extensively discussed with all browser vendors and has >> changed substantially in response to this > > Can you please point me to those changes and to the security analysis?
Security wasn't discussed much in these conversations, and the changes were all syntactical and didn't affect security. That's not to say that no one has cared about security or been unaware about the security implications, it's more due to the fact that any security aspects here are likely to influence the API or the normative spec text. But yes, I agree that we should have the security team look at this feature. / Jonas _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
