W3C home > Mailing lists > Public > public-webcrypto@w3.org > January 2013

PROPOSAL: Close ISSUE-30 - How does the application know where the key is stored ?

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 31 Jan 2013 11:24:15 -0800
Message-ID: <CACvaWvazLP04BDiCU38h46PitSf3mMsn1-G9vWYButfmkwCY3g@mail.gmail.com>
To: public-webcrypto@w3.org

This was a rehash of ISSUE-11. There was significant discussion on the
Issue, along with the explanation about the infeasability of
addressing the proposed concerns in light of the web security model.
Further, such proposals inherently lead to vendor and
implementation-specific information leaking into the API, an action
that is explicitly intended to be avoided.

Under the current specification, key storage is left to the
application through the use of existing web storage mechanisms.
Further, proposals such as the Named Key Discovery API show examples
of how applications may utilize application-specific knowledge about
the storage of the key.

As such, I would propose that this issue be CLOSED.
Received on Thursday, 31 January 2013 19:24:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:15 UTC