On Wed, Dec 9, 2015 at 4:55 PM, Tim Guan-tin Chien <timdr...@mozilla.com> wrote: > On Fri, Dec 4, 2015 at 7:01 PM, Robert O'Callahan <rob...@ocallahan.org> > wrote: >> >> On Fri, Dec 4, 2015 at 2:43 PM, Eric Rescorla <e...@rtfm.com> wrote: >> >> > >> > Sure. Conversely, I don't find myself convinced by your position. >> > >> > Would be happy to talk about this live if you think that's useful. >> > >> >> Probably not ... these are judgement calls that are difficult to resolve. >> >> Rob > > Rob, > > IMHO there will be some detail to settle for (1) since that implies > hardware vendor has to host a driver for the device to work, > _forever_. > > We could get around it by amending (1) into having vendor shipping a > JS library as driver, which fold it into (4) (if I understand it > correctly). But then we would lost the benefit of getting vendors to > supply security update timely and block bad API calls from apps. > > I am leaning toward Ekr's opinion in this case. The way hardware > vendors divide their works also prevent the actual chip vendor (OEM) > from providing end user support (by at least host a driver). >
The (4) here is the one Jonas wrote: > 4) Design a new USB-protocol which enables USB devices to indicate > that they are "web safe" and which lets the USB device know which > website is talking to it. Then let the user authorize a website to use > a given device. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
