- From: Mark Watson <watsonm@netflix.com>
- Date: Sun, 4 Nov 2012 03:27:25 +0000
- To: Ryan Sleevi <sleevi@google.com>
- CC: "<public-webcrypto@w3.org>" <public-webcrypto@w3.org>, David Dahl <ddahl@mozilla.com>, Arun Ranganathan <arun@mozilla.com>
Sent from my iPhone On Nov 3, 2012, at 1:59 PM, "Ryan Sleevi" <sleevi@google.com> wrote: > On Thu, Nov 1, 2012 at 8:21 AM, Mark Watson <watsonm@netflix.com> wrote: >> Ryan, all, >> >> I'm sorry I missed the discussion of this. Can you explain how the application would find the Key object for a pre-provisioned key in the proposed new model ? It's clear how this is done with KeyStorage, so if you're going to remove KeyStorage we need a solution in the new model too. >> >> …Mark > > This proposal currently treats pre-provisioned keys as "out of scope" > - which is to say, it says nothing for nor against them, nor how they > may be implemented or exposed by a particular user agent. > > Given that pre-provisioned keys are a concept that, to some extent, > have significant privacy concerns - in addition to being > implementation-specific - this seems a reasonable balance between > ensuring that the primary features and goals (as specified by the > charter) are met Pre-provisioned origin-specific keys are very much a primary feature, as far as I am concerned, as we have made clear from the very beginning of this work. I understand from our conversation that your proposal would support them and I think the specification needs to say how. ...Mark > , while equally being considerate and not actively > forbidding features that can be further developed and standardized in > a subsequent version of the document - particularly one that embraces > the secondary feature of "multiple key containers", which I would > suggest that keys not explicitly generated by an origin logically fall > under. >
Received on Sunday, 4 November 2012 03:27:54 UTC