- From: Mark Watson <watsonm@netflix.com>
- Date: Mon, 10 Dec 2012 23:28:01 +0000
- To: "Acar, Tolga" <tolga.acar@intel.com>
- CC: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>

On Dec 10, 2012, at 3:23 PM, Acar, Tolga wrote:

> One aspect: exposure of raw key material in IndexedDB instead of a Key object that may not be extractable.

A Key object with "extractable=false" can be stored in IndexedDB without exposing the raw key material. What is stored in IndexedDB is effectively a *reference* to the key material, not the raw key material itself. Perhaps some clarification of this is required?

Whatever kind of Key object you have, storing and retrieving it to/from IndexedDB should not pose any additional security risks, in terms of exposing the key.

…Mark

> - Tolga
>
>> -----Original Message-----
>> From: Mark Watson [mailto:watsonm@netflix.com]
>> Sent: Monday, December 10, 2012 2:28 PM
>> To: Acar, Tolga
>> Cc: public-webcrypto@w3.org Group
>> Subject: Re: Scope of key discovery draft
>>
>> On Dec 10, 2012, at 1:52 PM, Acar, Tolga wrote:
>>
>>> Thanks, Mark. I have another use case of named origin-specific keys.
>>>
>>> The only difference, as the name above suggests, is that these keys are not pre-provisioned; they are created on-demand for later use. This is similar to native crypto API behavior. A key is created and stored if it doesn't exist, and is retrieved if it is already there.
>>
>> What aspect of your use-case is not covered by storing the Key object in IndexedDB?
>>
>> ...Mark
>>
>>> - Tolga
>>>
>>>> -----Original Message-----
>>>> From: Mark Watson [mailto:watsonm@netflix.com]
>>>> Sent: Monday, December 10, 2012 1:43 PM
>>>> To: public-webcrypto@w3.org Group
>>>> Subject: Scope of key discovery draft
>>>>
>>>> All,
>>>>
>>>> On the call, I presented the key discovery draft as containing only the material on "named origin-specific pre-provisioned keys", but it could be extended, if there was support, to other kinds of key discovery.
>>>>
>>>> Ryan voiced the opinion that the scope of the document should be restricted to just this case and that other cases should be addressed in other documents.
>>>>
>>>> I would like to know if there are any other opinions?
>>>>
>>>> If not, does anyone have a good suggestion for a shorter name? "WebCrypto: Discovery of named origin-specific pre-provisioned keys" is a bit of a mouthful.
>>>>
>>>> ...Mark

Received on Monday, 10 December 2012 23:28:31 UTC
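
The create-on-first-use pattern discussed in this thread, written against the Web Crypto API as it was later standardized; this is an added example, not code from the thread or the draft. The `store` interface, the helper names and the key name `session-mac` are assumptions, and `memoryStore()` stands in for IndexedDB so the code also runs outside a browser.

```javascript
// Added example (not from the thread). `store` is an assumed async {get, put}
// interface; names such as "session-mac" are constructed.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

// Browser store over an already-open IDBDatabase `db` (assumed). IndexedDB
// persists the CryptoKey object by structured clone, not its raw bytes.
function idbStore(db, os) {
  const run = (mode, fn) => new Promise((ok, err) => {
    const req = fn(db.transaction(os, mode).objectStore(os));
    req.onsuccess = () => ok(req.result);
    req.onerror = () => err(req.error);
  });
  return {
    get: (name) => run("readonly", (s) => s.get(name)),
    put: (name, key) => run("readwrite", (s) => s.put(key, name)),
  };
}

// In-memory stand-in with the same interface, for running outside a browser.
function memoryStore() {
  const m = new Map();
  return { get: async (n) => m.get(n), put: async (n, k) => { m.set(n, k); } };
}

// Create the named key on first use, return the stored one afterwards.
async function getOrCreateKey(store, name) {
  const existing = await store.get(name);
  if (existing) return existing;
  const key = await subtle.generateKey(
    { name: "HMAC", hash: "SHA-256" }, false /* extractable */, ["sign", "verify"]);
  await store.put(name, key);
  return key;
}

// True only if script can read the raw key bytes out of the Key object.
async function canExport(key) {
  try { await subtle.exportKey("raw", key); return true; } catch { return false; }
}

async function demo() {
  const store = memoryStore();
  const k1 = await getOrCreateKey(store, "session-mac");
  const k2 = await getOrCreateKey(store, "session-mac");
  const data = new TextEncoder().encode("constructed sample message");
  const tag = await subtle.sign("HMAC", k2, data);
  return { sameKey: k1 === k2, extractable: k2.extractable,
           exported: await canExport(k2), tagBytes: tag.byteLength,
           verified: await subtle.verify("HMAC", k1, tag, data) };
}
```

In a browser, pass `idbStore(db, "keys")` (object store name assumed) instead of `memoryStore()`; the retrieved key still signs and verifies while `exportKey` keeps rejecting.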