- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 16 Aug 2016 21:03:07 +0200
- To: "Peter Bielak, Executive Manager" <peter@safebash.com>, public-webcrypto-comments <public-webcrypto-comments@w3.org>
On 2016-08-16 20:33, Peter Bielak, Executive Manager wrote:
>
> Hello guys!
> thank you all for collaboration.
>
> Yes there is a trust issue but I think the trust can be based on the following:
> if the key is only generated and decrypted on client and every single piece of information
> is also decrypted, encrypted on client users can see the JavaScript code and you
> never know which user will be the kind of a person who always dig in the source core, searches bugs,
> security issues has thousands of followers and immediately reporting that to news, TV and all over which would probably
> destroy company's reputation and nobody would trust you once you did something like this, but server side cannot
> be seen and checked by people.

Peter,
We are on the same page here :-)

>
> I really like WebCrypto and I would like to use it this way, I don't know maybe my idea
> is stupid.

I wouldn't say that it is stupid, only that it departs from the Web model which is provider-centric. That is, I would rather authenticate users and do all the encryption/decryption on the server which relieves users from memorizing yet another password and dealing with encryption keys altogether.

Regards,
Anders

>
> Thanks again for your suggestions and ideas!
Received on Tuesday, 16 August 2016 19:03:40 UTC