- From: Tom Ritter <tom@ritter.vg>
- Date: Mon, 13 Aug 2012 20:04:36 -0400
- To: public-webcrypto-comments@w3.org
I haven't seen this discussed yet (but may have missed it due to mailing list snafus), but to support a lot of the primary use cases, it would be very important to have some sort of mechanism to indicate some javascript variables (in addition to the 'obvious' ones like private keys in the keystore) should not be written to disk by whatever mechanism provided by the underlying Operating System, and should be zero-ed when garbage collected. This would of course be a 'best effort' approach, as the variables may be written to disk in the event of a core dump or hibernation, but if the OS provides any mechanism to avoid swapping memory, I feel like it should be used. This would be used in many of the secure message applications, the encrypted bill use case, and anything that winds up with plaintext in a javascript variable. -tom.
Received on Tuesday, 14 August 2012 00:05:39 UTC