W3C home > Mailing lists > Public > public-webcrypto@w3.org > September 2012

Re: [W3C Web Crypto WG] comment on API draft section 5.4

From: Ryan Sleevi <sleevi@google.com>
Date: Tue, 4 Sep 2012 16:13:35 -0700
Message-ID: <CACvaWvbScX1mG4zS3m8ZaEDAYA1X-TYcZiN5TkBtZcsEA09Few@mail.gmail.com>
To: Ali Asad <Asad.Ali@gemalto.com>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
On Tue, Sep 4, 2012 at 11:08 AM, Ali Asad <Asad.Ali@gemalto.com> wrote:
> Hi,
>
>
>
> I have a comment to clarify the following sentence in section 5.4
>
>
>
>>>
>
> Additionally, this API does not deal with or address the discovery of
> cryptographic modules, as such concepts are dependent upon the underlying
> user agent and are not concepts that are portable between common operating
> systems, cryptographic libraries, and implementations.
>
>>>
>
>
>
> I understand the discovery of specific  cryptographic modules is outside the
> scope. However, I am assuming the this text in the document does not
> implicitly rule out discovery of keys stored in external storage such as
> smart cards. Though key discovery is not in the current spec, it will be
> worked on later, at which point it should be possible to select keys that
> reside in smart cards.
>
>
>
> Best regards,
>
> --- asad

Correct.

My mental model for such language has been with something akin to the
First Amendment - "The WG should make no requirements preferring a
particular type of key storage, nor prohibit the various types of key
storage that may exist." Also, the WG shouldn't try to enumerate or
classify key storage - no need to bring about that crisis quite yet.

And to be clear - key discovery doesn't guarantee that it will be
possible, since it's up to the implementations to support it. But the
general process of "taking advantage of keys that already exist" -
regardless of storage - should be handled via discovery.
Received on Tuesday, 4 September 2012 23:14:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 4 September 2012 23:14:04 GMT