RE: W3C Web Crypto WG - CfC to mandate secure context for SubtleCrypto from GALINDO Virginie on 2016-08-30 (public-webcrypto@w3.org from August 2016)

From: GALINDO Virginie <Virginie.Galindo@gemalto.com>
Date: Tue, 30 Aug 2016 16:09:26 +0000
To: Mike Jones <Michael.Jones@microsoft.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
CC: Harry Halpin <hhalpin@w3.org>, "wseltzer@w3.org" <wseltzer@w3.org>
Message-ID: <540E99C53248CE468F6F7702588ABA2A0146CD7A43@A1GTOEMBXV005.gto.a3c.atos.net>

Mike,
I suggest you have a look at the issue 28, here, to get the history and different opinions : https://github.com/w3c/webcrypto/issues/28
Regards,
Virginie

From: Mike Jones [mailto:Michael.Jones@microsoft.com]
Sent: mardi 30 août 2016 18:01
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>; public-webcrypto@w3.org
Cc: Harry Halpin <hhalpin@w3.org>; wseltzer@w3.org
Subject: RE: W3C Web Crypto WG - CfC to mandate secure context for SubtleCrypto

To help people understand this decision, what is the rationale for requiring secure context?

From: GALINDO Virginie [mailto:Virginie.Galindo@gemalto.com]
Sent: Tuesday, August 30, 2016 7:33 AM
To: public-webcrypto@w3.org<mailto:public-webcrypto@w3.org>
Cc: Harry Halpin <hhalpin@w3.org<mailto:hhalpin@w3.org>>; wseltzer@w3.org<mailto:wseltzer@w3.org>
Subject: W3C Web Crypto WG - CfC to mandate secure context for SubtleCrypto

Dear all,

During our call on the 29th of August [1], we resolved that "SubtleCrypto would require secure context, and we mentioned that by this resolution, we agree endorsing any decision related to localhost made by Web App Sec WG".  This would solve the issue 28 attached to web crypto API [2].

This email is a call for consensus, which will end on 13th of September. It aims to confirm this resolution over our mailing list, as decided in our WG working methods.

As such, if you object to this resolution, please indicate it on this mailing list.
Silence is taken as resolution endorsement, while we encourage explicit support here.

Regards,
Virginie
Chair of the Web Crypto WG

[1] https://www.w3.org/2016/08/29-crypto-minutes.html
[2] https://github.com/w3c/webcrypto/issues/28

// please ignore the following statement

________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

Received on Tuesday, 30 August 2016 16:10:01 UTC