W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2014

[Bug 25710] No Key Deletion

From: <bugzilla@jessica.w3.org>
Date: Mon, 19 May 2014 23:29:11 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25710-7213-otOVa318CU@http.www.w3.org/Bugs/Public/>

--- Comment #3 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Matt Miller from comment #2)
> As a user of the API, I do find it worthwhile to be able to explicitly
> invalidate a key.  However, since the WG consensus seems to be to rely on
> ECMAScript's object lifetime, I can live with this for now.  It would help
> users of the API if that it were stated, even non-normatively.

What's the use case for explicitly invalidating?
How is explicit invalidation meant to operate
  - when the user has multiple tabs open
  - when the user has postMessage()'d the key to a worker
  - when the user has postMessage()'d the key to another origin

Note that answering any of these questions implies assumptions about a storage
model, which as you noted, is something we've attempted assiduously to avoid.
IndexedDB has largely addressed these (with a significant bit of complexity
added to the underlying HTML spec to handle database locking semantics).
Likewise, other APIs have outright refused to create multi-context aware
objects (eg: ArrayBuffer being Transferrable, rather than Cloneable) for this

You are receiving this mail because:
You are on the CC list for the bug.
Received on Monday, 19 May 2014 23:29:13 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC