- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Tue, 02 Apr 2013 13:10:38 +0200
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Since an issuer of a key has (if I didn't got it all wrong...) full "usage" access to a key it has issued including signing whatever it wants there are obviously some trust isolation limits of the Web Crypto API. Note: I don't see that as a big problem. Anyway, in such a context it wouldn't be completely wrong adding something like a "setPIN (value, retries)" method to a key which for subsequent uses of the key would require the user providing a matching PIN. The policy of the PIN would be defined in a traditional web-process. Anders
Received on Tuesday, 2 April 2013 11:11:10 UTC