W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2012

Re: ECC vs RSA, and Similar Conflicts

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 10 May 2012 07:44:38 -0700
Message-ID: <CABcZeBNPjJp+n_CbGeAjhT11wkKmoVe0ErbOE=feSYx-bKGw8g@mail.gmail.com>
To: David Dahl <ddahl@mozilla.com>
Cc: "Richard L. Barnes" <rbarnes@bbn.com>, Nadim <nadim@nadim.cc>, public-webcrypto@w3.org, Cullen Jennings <fluffy@cisco.com>
On Thu, May 10, 2012 at 7:30 AM, David Dahl <ddahl@mozilla.com> wrote:
> One of the reasons for establishing this WG is to try and provide a more secure way of using crypto on the web. Keeping the private keys private is at the top of this list. We can establish a spec that only ever references private key IDs, making this much more secure than existing JS crypto libraries that have access to private key material.

It's not clear to me that this is "much more secure". What's the
threat model under which
that is the case?

-Ekr
Received on Thursday, 10 May 2012 14:45:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:10 UTC