W3C home > Mailing lists > Public > public-identity@w3.org > December 2011

Key Opacity/Identification Issue - Web Cryptography Charter Updated

From: Harry Halpin <hhalpin@w3.org>
Date: Fri, 09 Dec 2011 13:32:54 +0100
Message-ID: <4EE1FFF6.3050204@w3.org>
To: "public-identity@w3.org" <public-identity@w3.org>
I've updated the Web Cryptography Charter based on feedback from various 
people, both in and off list. The new version is here:

http://www.w3.org/2011/11/webcryptography-charter.html

I'd like in particular to point out that one of the most issues has the 
been the keys having "opaque" identifiers. In this, I'd like to clarify 
that the keys be opaque *to the API*.

If a key is pre-provisioned in the key-store of the browser or if the 
key generation is done outside (say pre-provisioned a USB key) and then 
somehow "imported" into the keystore, the API should maintain whatever 
identification scheme that belonged to the key when it was first minted. 
However, making the code connecting preprovisioned keys with particular 
identification schemes will not be the responsibility of the 
implementers of the API, but will rest will whoever wants to provision 
the keys.

By saying "opaque", I only mean that there should be *no* special key 
identification schemes natively promoted or understood by the API and no 
special routines for handling that. So for the API the identification 
scheme is opaque, but it can be non-opaque as the key-related 
information is handled "downstream" by the application.

Thus I have "specification in API of special handling for non-opaque key 
identifiers" as out of scope. Also we have moved "information about the 
destination and provenance of a key beyond the enforcement of the 
same-origin policy" back into out of scope.
Received on Friday, 9 December 2011 12:32:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 9 December 2011 12:32:44 GMT