Hey all, Sorry for being late to the party here. I now subscribe to dev.platform :)
On the issue of whether WebCrypto should be restricted to secure origins: In discussions I've had with folks around Mozilla, we have not seen sufficient security risks to motivate cutting off the potential benefits of exposing crypto utilities to non-secure origins. As a top-level point, we are in total agreement with the Chrome team that we need more encryption in the web. We should be taking advantage of more opportunities to add cryptographic protections to web applications. So our default position is to provide web developers more tools for doing cryptography, when they can provide even incremental benefit. Most notably, even over non-secure origins, application-layer encryption can provide resistance to passive adversaries. Given that a bunch of the pervasive monitoring threats we've been talking about are purely passive, that's a non-trivial win. If the encryption keys are made non-extractable, you're even protected against active attackers stealing them later (as long as the first load is clean). And that's not to mention that there are entirely non-security-sensitive use cases for faster hashing using crypto.subtle.digest() No, WebCrypto on an http:// origin is not a replacement for TLS. Yes, you can still be subverted by an active attacker. The bath-water is dirty, but there's still a baby in it. --Richard _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
