W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2013

Re: Follow-up. Re: Use case: Authenticate using eID

From: Aymeric Vitte <vitteaymeric@gmail.com>
Date: Wed, 15 May 2013 18:10:17 +0200
Message-ID: <5193B369.6060908@gmail.com>
To: Arun Ranganathan <arun@mozilla.com>
CC: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
Yes, sorry, I did not realize it was related to my mega cookie story and 
mixed things.


Le 14/05/2013 22:00, Arun Ranganathan a écrit :
> On May 13, 2013, at 4:38 PM, Aymeric Vitte wrote:
>> In another email, you wrote "2. The key can be shared with origin 2 
>> via cross-origin messaging." 
>> (http://lists.w3.org/Archives/Public/public-webcrypto/2013May/0036.html), 
>> I don't see how CORS could apply here, withCredentials or not, CORS 
>> is only about sending/receiving things to/from other origins and 
>> sharing some stringyfiable things or cookies uses, you can not share 
>> keys, the best you can do is to send some information to allow 
>> another origin to find the keys.
>> Maybe I am missing something but what is the idea here?
> (I was responding to your point about IndexedDB being a "mega-Cookie" 
> and unwisely elected to discuss differences in how Cookies can be used 
> vs. client-side stores.  I'm sorry if this was confusing.  These 
> technologies are unrelated to our discussion of Crypto and 
> cross-origin messaging.)

Email :  avitte@jcore.fr
iAnonym : http://www.ianonym.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
Web :    www.jcore.fr
Webble : www.webble.it
Extract Widget Mobile : www.extractwidget.com
BlimpMe! : www.blimpme.com
Received on Wednesday, 15 May 2013 16:08:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:17 UTC