Re: ISSUE-9 [was Re: ISSUE-30: Key import/export?]

> To re-iterate, I'm not asking about export/import in terms of the WebIDL as
> currently written.
>  I'm asking about the notion that it is feasible developers may want to
> read/write key material outside the browser. In which case, there's a
> privacy angle that needs to be addressed.
> I'm pretty sure that's where the worries underlying ISSUE-9 come from, and
> ISSUE-30.

We addressed ISSUE-9 - long ago - by saying it would not, beyond what
Mark's draft says. This was the entire crux of key discovery.

> If we want to say "import/export" is single-session and ephemeral, that's
> fine although that eliminates a number of use-cases. When I brought up the
> fact that all keys are ephemeral at the last telecon, it seemed folks in the
> WG were surprised and wanted further discussion.

That's what it has said from the beginning. Key import/export has
always been separate from key discovery - the latter being potential
issues for ISSUE-9/30, but having absolutely nothing to do with the
import / export operations as they've ever been written.

Received on Monday, 4 March 2013 18:22:50 UTC