W3C home > Mailing lists > Public > public-webcrypto@w3.org > February 2013

Re: PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access

From: Mountie Lee <mountie.lee@mw2.or.kr>
Date: Fri, 1 Feb 2013 10:19:41 +0900
Message-ID: <CAE-+aY+H=e5Mm4Wqu79BKk-hY7MazOgXqLKixQLb604kSoatNg@mail.gmail.com>
To: Ryan Sleevi <sleevi@google.com>
Cc: public-webcrypto@w3.org
from the previous discussions

I remember we have two proposals for this issue.

one is allowing multi-origin shared acces for certificate associated case.
second is allowing multi-origin shared access by user consent

the reason why this issue is important is

in the online banking usecases.
users generate keypair at CA website and get certificate.
and the certificate-private key pair should be used at other bank sites for
signing document or verifying signature.

as compared to TLS certificate usecases,
it is also common sense.
generating and getting certificate from CA site
and using it at different site

On Fri, Feb 1, 2013 at 4:18 AM, Ryan Sleevi <sleevi@google.com> wrote:

> http://www.w3.org/2012/webcrypto/track/issues/26
>
> I would like to propose that we CLOSE Issue-26.
>
> There have been no proposals put forward on how to securely address
> multi-origin shared access. Further, such provisioning opens up a host
> of security concerns that the use cases used to justify such access
> are not compatible with.
>
> In the current specification, multi-origin applications may make use
> of secure messaging exchanges, such as postMessage, to transition
> across security domains, without requiring the granting of a single
> origin full access to either plaintext or to keying material.
>
> As such, absent both concrete use cases and proposals, I propose that
> this issue be closed.
>
>


-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World
Received on Friday, 1 February 2013 01:49:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 1 February 2013 01:49:14 GMT