- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Sun, 12 Aug 2012 08:54:22 +0200
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
The security consideration part of the current draft mentions "tainting" as one example of protecting keys against possible algorithm multiuse (=misuse). IMO, this is an issuer problem, not an UA ditto. A better solution would be to mark they key during creation as only usable with a specific set of algorithms. Nope, it doesn't match well with PKCS #11... Yep, that's the way it is done in SKS :-) Anders
Received on Sunday, 12 August 2012 06:54:55 UTC