- From: Ryan Sleevi <sleevi@google.com>
- Date: Sat, 3 Nov 2012 13:59:49 -0700
- To: Mark Watson <watsonm@netflix.com>
- Cc: "<public-webcrypto@w3.org>" <public-webcrypto@w3.org>, David Dahl <ddahl@mozilla.com>, Arun Ranganathan <arun@mozilla.com>
On Thu, Nov 1, 2012 at 8:21 AM, Mark Watson <watsonm@netflix.com> wrote: > Ryan, all, > > I'm sorry I missed the discussion of this. Can you explain how the application would find the Key object for a pre-provisioned key in the proposed new model ? It's clear how this is done with KeyStorage, so if you're going to remove KeyStorage we need a solution in the new model too. > > …Mark This proposal currently treats pre-provisioned keys as "out of scope" - which is to say, it says nothing for nor against them, nor how they may be implemented or exposed by a particular user agent. Given that pre-provisioned keys are a concept that, to some extent, have significant privacy concerns - in addition to being implementation-specific - this seems a reasonable balance between ensuring that the primary features and goals (as specified by the charter) are met, while equally being considerate and not actively forbidding features that can be further developed and standardized in a subsequent version of the document - particularly one that embraces the secondary feature of "multiple key containers", which I would suggest that keys not explicitly generated by an origin logically fall under.
Received on Saturday, 3 November 2012 21:00:17 UTC