- From: Ryan Sleevi <sleevi@google.com>
- Date: Thu, 25 Apr 2013 12:18:54 -0700
- To: Hutchinson Michael <Michael.Hutchinson@gemalto.com>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
On Thu, Apr 25, 2013 at 12:14 PM, Hutchinson Michael <Michael.Hutchinson@gemalto.com> wrote: > If one UA (i.e. IE) persists its key material using one method (CNG - KSP) are were sure that a second UA (i.e. FF) can make use of it? No. This is out of scope. Just because one browser has a cookie store, for example, does not mean other browsers can use that cookie store. Same for IDB, localStorage, etc. > > Implication would be that the user must use the same UA for all key operations... Correct. Same as they have to for cookies/localStorage/IDB/etc. The Web Crypto API explicitly does not declare how keys are to be stored, and this is intentional. They behave "just" like existing Web APIs, with the advantage that they can be used to poke into the UA's existing cryptographic stack to take advantage of the reasons enumerated (eg: correctness of implementation, performance, security, etc) > >>Michael > >
Received on Thursday, 25 April 2013 19:19:25 UTC