- From: Ryan Sleevi <sleevi@google.com>
- Date: Mon, 4 Mar 2013 10:22:23 -0800
- To: Harry Halpin <hhalpin@w3.org>
- Cc: Mark Watson <watsonm@netflix.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
> > To re-iterate, I'm not asking about export/import in terms of the WebIDL as > currently written. > > I'm asking about the notion that it is feasible developers may want to > read/write key material outside the browser. In which case, there's a > privacy angle that needs to be addressed. > > I'm pretty sure that's where the worries underlying ISSUE-9 come from, and > ISSUE-30. We addressed ISSUE-9 - long ago - by saying it would not, beyond what Mark's draft says. This was the entire crux of key discovery. > > If we want to say "import/export" is single-session and ephemeral, that's > fine although that eliminates a number of use-cases. When I brought up the > fact that all keys are ephemeral at the last telecon, it seemed folks in the > WG were surprised and wanted further discussion. That's what it has said from the beginning. Key import/export has always been separate from key discovery - the latter being potential issues for ISSUE-9/30, but having absolutely nothing to do with the import / export operations as they've ever been written.
Received on Monday, 4 March 2013 18:22:50 UTC