Re: Smart Card support. Re: Request for feedback: DOMCrypt API proposal from David Dahl on 2011-06-10 (public-web-security@w3.org from June 2011)

From: David Dahl <ddahl@mozilla.com>
Date: Fri, 10 Jun 2011 13:50:15 -0700 (PDT)
To: Nico Williams <nico@cryptonector.com>
Cc: Brian Smith <bsmith@mozilla.com>, public-web-security@w3.org, Jarred Nicholls <jarred@sencha.com>, Anders Rundgren <anders.rundgren@telia.com>
Message-ID: <499478804.173513.1307739015910.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>

----- Original Message -----
> From: "Nico Williams" <nico@cryptonector.com>
> To: "Anders Rundgren" <anders.rundgren@telia.com>
> Cc: "Brian Smith" <bsmith@mozilla.com>, public-web-security@w3.org, "Jarred Nicholls" <jarred@sencha.com>, "David
> Dahl" <ddahl@mozilla.com>
> Sent: Friday, June 10, 2011 3:33:46 PM
> Subject: Re: Smart Card support. Re: Request for feedback: DOMCrypt API proposal

> Of course, the serve could do all that on the server side just as
> well. But I think there's benefits to doing profile
> decryption/encryption on the client side.

Indeed, user profile data on servers could literally just be an email address, a hashed password and a blob (or not, maybe the blob is in localStorage), freeing the business of the fallout when the server is compromised.

Cheers,

David

Received on Friday, 10 June 2011 20:50:44 UTC