[Bug 25721] extractable keys should be disabled by default

From: <bugzilla@jessica.w3.org>
Date: Mon, 19 May 2014 23:07:46 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25721-7213-tfSbLXCwiQ@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721

--- Comment #14 from elijah@riseup.net ---
Ryan, I understand that you don't personally like the idea of placing
restrictions on extractable keys, but the topic is clearly "within scope". I
just found this in the WebCrypto Charter:

> Primary API Features in scope are... the API should be asynchronous and
> must prevent or control access to secret key material and other sensitive
> cryptographic values and settings.

(http://www.w3.org/2011/11/webcryptography-charter.html)

In light of this, I wish to make a formal objection to the inclusion of
extractable private keys in the WebCrypto API without user agent requirements
to disable this by default or require user consent.

Received on Monday, 19 May 2014 23:07:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC