- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Mon, 17 Mar 2014 14:46:04 +0100
- To: Mountie Lee <mountie@paygate.net>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

* Mountie Lee wrote:
>let me add more details the reason I suggested.
>
>as we know, some local resources are bound to specific origin.
>also we have possible solutions for cross-origin communications like CORS,
>postMessage, structured cloning and JSON.
>
>the requirement was initiated from discussion of Web Crypto WG.
>in the WG, cryptography technologies are discussed and the most important
>part of spec is the KEY(encryption key, decryption key....) for crypto
>operations.
>
>the key is also bound to specific origin.
>the key can be cloned/extracted and posted to different window of domain.
>
>but the key owner will lose key control after posting.
>
>my suggestion is to keep the resource control.

It would help if you describe a complete scenario that illustrates what
you are trying to accomplish, what problem needs solving. The only thing
that sounds like a problem description in your text above is that "the
key owner" loses control of a key after "posting" it somehow. It is very
unclear if and how that is a problem that needs fixing, and since CORS
is about being able to post the key, not maintaining control over it, it
is unclear how CORS is related. So if you could come up with perhaps a
use case description, we might be able to discuss the issue in detail.

--
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

Received on Monday, 17 March 2014 13:46:39 UTC