Re: Rethinking KeyStorage

On Nov 7, 2012, at 3:43 PM, Ryan Sleevi wrote:

> I really don't want to see a situation where otherwise tremendously
> useful work ends up getting blocked by an Formal Objection in LC/CR
> over an optional feature, and I think the privacy concerns being
> glossed over or actively dismissed are a real reason for concern of
> that happening.

Ryan, please actually read what I write before replying!

I am not trying to dismiss or gloss over anything. Quite the contrary, I am advocating transparency and discussion. As I said, I think this is better than punting the issue into an implementation-specific black hole (rather like <object> does with so many things).

If that discussion led to a decision by W3C that such a feature should not be part of the web platform (and consequently, services that rely on it should not be supported on the web), then so be it. In my view that would be unfortunate - not least because those services represent the best part of half of all Internet traffic, in the US at least - but at least it would be clear. But don't try to pre-empt, short-circuit or assume the outcome of that discussion from the outset.

Btw, for those just added to this thread, the context is that we are discussing pre-provisioned origin-specific keys that today exist on devices such as TVs and Set Top Boxes and how access to use those keys might be provided to scripts from the associated origin, with user knowledge and consent, through the WebCrypto API.

…Mark

Received on Thursday, 8 November 2012 00:03:01 UTC