Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution from Rigo Wenning on 2015-02-02 (public-web-security@w3.org from February 2015)

From: Rigo Wenning <rigo@w3.org>
Date: Mon, 02 Feb 2015 08:38:55 +0100
To: public-web-security@w3.org
Cc: Brad Hill <hillbrad@fb.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <2393634.ZKaxyDhEjo@hegel>

Brad, 

On Thursday 29 January 2015 22:50:00 Brad Hill wrote:
>   1.  Privacy and tracking.  How does the presence of specific crypto
> elements and discoverable keys which are not Origin-scoped not create
> privacy violations?

Depends entirely on who controls activation and discoverability of the 
feature. Keys that are not origin-scoped may be extremely useful, but create 
the risk you describe in a mental model where the user is just a hoard of 
click-cattle. On the other hand, asking for good UI is like asking for the 
magic wand. A solution can be found IMHO in defined use cases where the 
browser is allowing the keys only in certain contexts and after informing the 
user. This is in fact the same as activating geolocation IMHO..

 --Rigo

Received on Monday, 2 February 2015 07:39:18 UTC