W3C home > Mailing lists > Public > public-webcrypto@w3.org > January 2013

PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 31 Jan 2013 11:18:26 -0800
Message-ID: <CACvaWvYWntbRfKdXDTRLD7cSa2gBJdBdmuhKxpf3Ey8szGoUiw@mail.gmail.com>
To: public-webcrypto@w3.org
http://www.w3.org/2012/webcrypto/track/issues/26

I would like to propose that we CLOSE Issue-26.

There have been no proposals put forward on how to securely address
multi-origin shared access. Further, such provisioning opens up a host
of security concerns that the use cases used to justify such access
are not compatible with.

In the current specification, multi-origin applications may make use
of secure messaging exchanges, such as postMessage, to transition
across security domains, without requiring the granting of a single
origin full access to either plaintext or to keying material.

As such, absent both concrete use cases and proposals, I propose that
this issue be closed.
Received on Thursday, 31 January 2013 19:18:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 31 January 2013 19:18:53 GMT