comments on web crypto API: Extractable keys [5/6]

This API allows for keys that are extractable meaning that the 
javascript code would not just use the keys, but it will also transfer 
them to the server or to another party. We see more possibilities for 
malicious usage of this practice, than legitimate usage, so we propose 
to _not_ allow extractable keys at all.

Received on Thursday, 23 May 2013 10:12:58 UTC