On 8/29/12 11:35 AM, "Ryan Sleevi" <sleevi@google.com<mailto:sleevi@google.com>> wrote: On Wed, Aug 29, 2012 at 10:02 AM, Lu HongQian Karen <karen.lu@gemalto.com<mailto:karen.lu@gemalto.com>> wrote: Hi Ryan, I agree with you that Issue-30 needs more elaboration. Regarding to keylocation, I was thinking Enum keyLocation { None, // unspecified Browser, // browser's storage Local, // local storage other than browser's CryptoProvider // complexity: a user agent may have more than one cryptoProviders }; The distinction between "Local" and "CryptoProvider" is fundamentally flawed in assuming an implementation detail - since an implementation may access "Local" (which I assume to mean 'OS storage', but in fact can mean much more) storage via CryptoProviders. In fact, all Browser storage is could simply be another CryptoProvider. Note that the reason we are down this path is so that the application can limit the keys it wants the user to select. If you look at it, fundamentally, it is based on a provisioning model the app uses. Thus if the app provisioning does not include direct browser memory (regardless of what crypto provider the browser users), and only includes smart cards (external), then the app wants to search for 'external' keys only. We are not talking about how browsers implement their storage – but how applications treat that storage. Its a question of key provisioning and trust models used. So now we're down to only two (meaningful to web application) flags enum { None, CryptoProvider }; And since you may have multiple cryptoproviders, suddenly you need ways to disambiguate crypto providers, and now you're back to an API that requires providers, which has been repeatedly agreed that is not a focus of this WG nor something that can be reliably implemented across user agents.Received on Wednesday, 29 August 2012 18:04:13 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:01:26 UTC