This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 23496 - Informative note about developer expectation re user access to decrypted data?
Summary: Informative note about developer expectation re user access to decrypted data?
Status: RESOLVED WONTFIX
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document (show other bugs)
Version: unspecified
Hardware: PC Linux
: P2 normal
Target Milestone: ---
Assignee: Ryan Sleevi
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-14 19:46 UTC by Harry Halpin
Modified: 2014-09-26 15:01 UTC (History)
1 user (show)

See Also:


Attachments

Description Harry Halpin 2013-10-14 19:46:16 UTC
The developer may have some expectation that when he decrypts ciphertext on the end point it isn't visible to the end user, but that isn't the case. (Dan Boneh's comments). An informative note?

Dan Boneh
Comment 1 Mark Watson 2014-09-22 17:36:10 UTC
I think it should be clear to JS developers that any data visible to JS is visible from the developer console to the user. Suggest won't-fix.