Updates:
Labels: Action-DesignDocNeeded
Comment #2 on issue 132896 by
rsl...@chromium.org: TLS/SSL support in the
socket API
http://code.google.com/p/chromium/issues/detail?id=132896
From the net/ stack, I've been pushing back on this because of the use
cases involving:
- How to handle errors (particularly, certificate errors):
- Can the application/extension indicate they're acceptable? What risks
does this pose to users/user information?
- If not, is there a way for the user to accept the error? Right now, we
only show interstitials on main frame navigations, which don't help
apps/extensions.
- How does certificate verification happen?
- Does it happen exclusively with the system APIs?
- Can applications supply their own trust anchors? Are they mutually
exclusive or additive with the system APIs?
- What about applications that want to verify that custom (eg:
enterprise-specific) EKUs/policy OIDs are present in the chain?
- How does client auth happen?
While there are abstractions, much of the code is designed within the model
of web browsing, but increasing Apps (whether this is Apps V2, Extensions,
NaCl, Pepper, or even Pepper Flash) have different needs or requirements.
SSH support is very much a different thing entirely than SSL, and there is
no such support in net/, nor in Chrome itself. I'd give a little push back
on 'bloatiness' grounds, since it's something that demonstrably can be
wholly implemented externally (eg: SSH-in-a-tab), so I'm not sure 'native'
support is needed.