Re: crypto-ISSUE-26 (multi-origin access): Should key generation be allowed to specify multi-origin shared access [Web Cryptography API] from Wan-Teh Chang on 2012-08-24 (public-webcrypto@w3.org from August 2012)

From: Wan-Teh Chang <wtc@google.com>
Date: Fri, 24 Aug 2012 12:11:12 -0700
To: Ryan Sleevi <sleevi@google.com>, Mountie Lee <mountie.lee@mw2.or.kr>
Cc: Seetharama Rao Durbha <S.Durbha@cablelabs.com>, David Dahl <ddahl@mozilla.com>, Web Cryptography Working Group <public-webcrypto@w3.org>
Message-ID: <CALTJjxE+tfYSy4MQN5JDLNY7CbH4k8fo4jBHWNic9pYy2qOYTg@mail.gmail.com>

The "certificate-private key pair" use case, which Mountie just
described in detail, is a well-known use case that requires
multi-origin access to keys.

I am not proposing we solve that problem in the first version of the
API, but we should design the API so that it could support the
"certificate-private key pair" use case in the future. This seems to
require adding an input argument related to key access control to the
generateKey() method. We could require that input argument be "same
origin policy" in the first version of the API.

Wan-Teh

Received on Friday, 24 August 2012 19:11:39 UTC