Re: Encrypted Private Key from Peter Bielak, Executive Manager on 2016-08-16 (public-webcrypto-comments@w3.org from August 2016)

From: Peter Bielak, Executive Manager <peter@safebash.com>
Date: Tue, 16 Aug 2016 20:33:25 +0200
To: "public-webcrypto-comments" <public-webcrypto-comments@w3.org>
Message-ID: <15694a12bf0.1184925f6294872.5700321739192830715@safebash.com>

Hello guys!

thank you all for collaboration.



Yes there is a trust issue but I think the trust can be based on the following:

if the key is only generated and decrypted on client and every single piece of information

is also decrypted, encrypted on client users can see the JavaScript code and you

never know which user will be the kind of a person who always dig in the source core, searches bugs,

security issues has thousands of followers and immediately reporting that to news, TV and all over which would probably

destroy company's reputation and nobody would trust you once you did something like this, but server side cannot

be seen and checked by people.



I really like WebCrypto and I would like to use it this way, I don't know maybe my idea

is stupid.



Thanks again for your suggestions and ideas!

Received on Tuesday, 16 August 2016 18:35:06 UTC