-
I would like to use `deriveKey` with PBKDF2 to derive a primary key from a primary password. I would then like to use HKDF to derive multiple independent operational keys (using different `info` param…
-
As mentioned in https://github.com/w3c/webappsec-feature-policy/issues/282#issuecomment-486267212, there's interest in splitting different types of policies out into different pieces of FP. I'm going …
-
As we consider moving toward triple-keyed partitions, some of those keys use an ancestor-chain bit while others use the frame origin. Can you describe the trade-off of choosing one over the other, and…
-
According to the documentation, to support the CSP header, a nonce needs to be added to the style-src directive (https://mui.com/material-ui/guides/content-security-policy/). However, a number of Mate…
-
## Request for Mozilla Position on an Emerging Web Specification
* Specification Title: Signature-based Resource Loading Restrictions
* Specification or proposal URL: https://github.com/mikewest/s…
-
@davidben pointed out that we made a decision in Fetch Metadata to send the site-relationship between the _initiator_ and the target in `Sec-Fetch-Site`, which doesn't allow servers to make the same d…
-
### Description
___
SM3 is a fast software friendly hash function.
I would like to add it to as an optional part of the webcrypto API.
### Spec
it can be found here:
- ISO/IEC 10118-3:20…
-
I'm running into a weird situation in practice in both FF and Chrome where if I send `frame-src 'nonce-...';`, the browsers still don't allow a nonce-tagged iframe to load. Chrome even explicitly retu…
-
Continuation of https://www.w3.org/Bugs/Public/show_bug.cgi?id=23878#c20.
> I'd be nice if there was an ~observer API that allowed an application to be notified when new fetch requests are added to t…
-
I'm not sure whether this is the correct issue tracker or not.
Anyways, I wanted a self-hosted home inventory management PWA for people to find their items efficiently. I made it and now I found that…