W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2013

Re: Follow-up. Re: Use case: Authenticate using eID

From: Arun Ranganathan <arun@mozilla.com>
Date: Tue, 14 May 2013 16:00:29 -0400
Cc: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
Message-Id: <935AAF3A-15AA-44D9-A026-B23C211BB9B7@mozilla.com>
To: Aymeric Vitte <vitteaymeric@gmail.com>
On May 13, 2013, at 4:38 PM, Aymeric Vitte wrote:

> In another email, you wrote "2. The key can be shared with origin 2 via cross-origin messaging." (http://lists.w3.org/Archives/Public/public-webcrypto/2013May/0036.html), I don't see how CORS could apply here, withCredentials or not, CORS is only about sending/receiving things to/from other origins and sharing some stringyfiable things or cookies uses, you can not share keys, the best you can do is to send some information to allow another origin to find the keys.
> Maybe I am missing something but what is the idea here?

(I was responding to your point about IndexedDB being a "mega-Cookie" and unwisely elected to discuss differences in how Cookies can be used vs. client-side stores.  I'm sorry if this was confusing.  These technologies are unrelated to our discussion of Crypto and cross-origin messaging.)
Received on Tuesday, 14 May 2013 20:05:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:17 UTC