Re: ECC vs RSA, and Similar Conflicts

On May 10, 2012, at 10:44 AM, Eric Rescorla wrote:

> On Thu, May 10, 2012 at 7:30 AM, David Dahl <ddahl@mozilla.com> wrote:
>> One of the reasons for establishing this WG is to try and provide a more secure way of using crypto on the web. Keeping the private keys private is at the top of this list. We can establish a spec that only ever references private key IDs, making this much more secure than existing JS crypto libraries that have access to private key material.
> 
> It's not clear to me that this is "much more secure". What's the
> threat model under which that is the case?

Same as the threat model under which HSMs are more secure than software crypto modules.  If the API ensures application-layer code can't see the keys, it's one less thing to validate / worry about.

--Richard

Received on Thursday, 10 May 2012 14:58:11 UTC