- From: Ryan Sleevi <sleevi@google.com>
- Date: Thu, 16 Aug 2012 10:43:07 -0700
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
On Wed, Aug 15, 2012 at 11:39 PM, Anders Rundgren <anders.rundgren@telia.com> wrote: > I'm unconvinced that WebCrypto's decision to drop the established cryptographic provider concept actually will prove to be sustainable. > > Session-keys and persistent keys have quite different properties, it is only the handle to the private/secret key that unites them in for example Java. > > In Java you also have to specify provider when doing private/secret-key operations which I feel is unnecessary. Shouldn't a key know its provider? > > Anders > Thank you for your feedback. As has been discussed on multiple phone calls and on the mailing list, the mapping of cryptographic providers is not a concept that helps to interoperability, and was thus discussed and closed. If implemented on top of a system that is based on a cryptographic provider model, then such keys will know their provider. This is the intended way to address provider usages. As discussed in the charter, the primary use case for a model of providers (provisioning and/or attestation) are out of scope.
Received on Thursday, 16 August 2012 17:43:38 UTC