- From: <bugzilla@jessica.w3.org>
- Date: Mon, 22 Sep 2014 22:30:15 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721 --- Comment #29 from Tom Lowenthal <me@tomlowenthal.com> --- I continue to object to extractable keys. None of the comments here suggest a change to the recommendation which would mitigate my objections. Conversely, it seems that the arguments *for* extractable keys come from a place of security nihilsm. It's true that as long as JavaScript is distributed unsafely, many things are at risk. This seems to make it even more important that keys not be extractable. Indeed, approaches like sub-resource integrity and CT-like work would make things even safer — if users are confident that keys can't be extracted. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Monday, 22 September 2014 22:30:16 UTC