- From: Nikos Mavrogiannopoulos <nikos.mavrogiannopoulos@esat.kuleuven.be>
- Date: Thu, 23 May 2013 10:44:09 +0200
- To: <public-webcrypto-comments@w3.org>
- Cc: danny de cock <Danny.DeCock@esat.kuleuven.be>, Filipe Beato <filipe.beato@esat.kuleuven.be>
This API allows for keys that are extractable meaning that the javascript code would not just use the keys, but it will also transfer them to the server or to another party. We see more possibilities for malicious usage of this practice, than legitimate usage, so we propose to _not_ allow extractable keys at all.
Received on Thursday, 23 May 2013 10:12:58 UTC