- From: Samuel Erdtman <samuel@erdtman.se>
- Date: Fri, 26 Apr 2013 17:12:37 +0200
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
In addition to the privacy issue of the eID being a super cookie, in Sweden the eID certificate contains pii that must not be accessible to arbitrary sites. Are we going to ask the user to approve eID keys and certificates to be accessed by different origins, should this possibility be available for all certificate and keys or is it limited to eID keys if yes how are they going to be identified as eID key. This is getting closer to my suggestion that we could have a certificate attribute for the origins that a key should be available to. Sent from my iPhone
Received on Friday, 26 April 2013 15:15:34 UTC