W3C home > Mailing lists > Public > public-webcrypto@w3.org > January 2013

PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 31 Jan 2013 11:18:26 -0800
Message-ID: <CACvaWvYWntbRfKdXDTRLD7cSa2gBJdBdmuhKxpf3Ey8szGoUiw@mail.gmail.com>
To: public-webcrypto@w3.org

I would like to propose that we CLOSE Issue-26.

There have been no proposals put forward on how to securely address
multi-origin shared access. Further, such provisioning opens up a host
of security concerns that the use cases used to justify such access
are not compatible with.

In the current specification, multi-origin applications may make use
of secure messaging exchanges, such as postMessage, to transition
across security domains, without requiring the granting of a single
origin full access to either plaintext or to keying material.

As such, absent both concrete use cases and proposals, I propose that
this issue be closed.
Received on Thursday, 31 January 2013 19:18:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:15 UTC