W3C home > Mailing lists > Public > public-webcrypto@w3.org > March 2014

structured cloning of key object and control

From: Mountie Lee <mountie@paygate.net>
Date: Wed, 5 Mar 2014 09:44:34 +0900
Message-ID: <CAE-+aYJyDzuZ=MaRk74VmumwkCTwzPMaLQ=hezYRvjjDLb=Pzw@mail.gmail.com>
To: Web Cryptography Working Group <public-webcrypto@w3.org>
Hi.
I have some questions.

still I'm trying to find best solutions for SOP issue from current
specifications.

when the key object is cloned and sent to different window of different
site via postMessage,
can we control the cloned object?

the control means
set max age
restrict key usage
set max key use count
...

when the cloned key object (not key raw material) was sent to window of
untrusted site,
the key will be exposed to risk.

regards
mountie.

-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World
Received on Wednesday, 5 March 2014 00:45:19 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:21 UTC