
Re: WD: 2.8. Out-of-Band Key Provisioning

From: Ryan Sleevi <sleevi@google.com>
Date: Tue, 30 Oct 2012 16:28:19 -0700
Message-ID: <CACvaWvan7zmP4zDdWFqjfgxPfoQVqryTeDj5DSFY2j+nB_SU9g@mail.gmail.com>
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
On Tue, Oct 30, 2012 at 9:57 AM, Anders Rundgren
<anders.rundgren@telia.com> wrote:
> http://www.w3.org/2012/webcrypto/WebCryptoAPI/#out-of-band-keys
>
>   "...User agents may choose to expose such keys to web applications after implementing
>    appropriate security and privacy mitigations, such as gaining user consent or other
>    out-of-band authorization..."
>
> Every UA-maker will (have to) make their own interpretation on what is appropriate
> since "appropriate" is pretty subjective.

Yes. UAs do this with every single feature of the web platform -
standard or experimental. They do it with every single thing you may
take for granted today, and will continue to do it every single day
for every single feature that has existed or will be implemented. That
UAs must care about security and usability should hopefully come as no
surprise.

>
> The "Korean use-case" is stone-dead.
>
> Anders
>
>
Received on Tuesday, 30 October 2012 23:28:47 GMT
