W3C home > Mailing lists > Public > public-webcrypto@w3.org > November 2012

Re: Privacy considerations of persistent device keys / device IDs

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 8 Nov 2012 08:26:18 -0800
Message-ID: <CACvaWvZBJ-oGWxn0nkZcAOh7e6w5KNJeGX=AM8X4ewpmu2JQ_w@mail.gmail.com>
To: Mark Watson <watsonm@netflix.com>
Cc: Seetharama Rao Durbha <S.Durbha@cablelabs.com>, David Dahl <ddahl@mozilla.com>, public-webcrypto <public-webcrypto@w3.org>, Arun Ranganathan <arun@mozilla.com>, Harry Halpin <hhalpin@w3.org>
>> 1) Remove the KeyStorage API [Done]
>
> No, you do not have agreement of the group to do that. Please, let's not get into HTML-WG-style revert requests. You need consensus to make changes and you clearly do not have it.

Mark,

Consensus was reached during the Face to Face, recorded in the
minutes, and reflected in the ACTION assigned to the editors -
http://www.w3.org/2012/webcrypto/track/actions/60 . That decision was
recorded, so this is not some unilateral action being taken.

Your point that removing KeyStorage prevents your particular use case
is noted. You can certainly make a proposal to provide text that
addresses your use case.

But we should not simply leave misleading or non-implemented text in
place, simply because we don't (yet) have something better, let alone
before we've agreed upon adding and addressing that feature.

For ANY feature, and not just pre-provisioned key, if there are
issues, it is BETTER to remove it from the spec and address it with
follow-up proposals than to simply leave it in place "because it's
easier" or "because it's convenient".
Received on Thursday, 8 November 2012 16:26:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:14 UTC