- From: Eric Rescorla <ekr@rtfm.com>
- Date: Thu, 10 May 2012 07:44:38 -0700
- To: David Dahl <ddahl@mozilla.com>
- Cc: "Richard L. Barnes" <rbarnes@bbn.com>, Nadim <nadim@nadim.cc>, public-webcrypto@w3.org, Cullen Jennings <fluffy@cisco.com>
On Thu, May 10, 2012 at 7:30 AM, David Dahl <ddahl@mozilla.com> wrote:

> One of the reasons for establishing this WG is to try and provide a more secure way of using crypto on the web. Keeping the private keys private is at the top of this list. We can establish a spec that only ever references private key IDs, making this much more secure than existing JS crypto libraries that have access to private key material.

It's not clear to me that this is "much more secure". What's the threat model under which that is the case?

-Ekr

Received on Thursday, 10 May 2012 14:45:47 UTC