VERY IMPORTANT but unclear from Mountie Lee on 2013-10-23 (public-webcrypto@w3.org from October 2013)

From: Mountie Lee <mountie@paygate.net>
Date: Wed, 23 Oct 2013 10:21:48 +0900
To: Web Cryptography Working Group <public-webcrypto@w3.org>
Message-ID: <CAE-+aYJDDx9vwHLsExLdvfYMP-eyKDJo83YTzv=-PtTVfuOSOQ@mail.gmail.com>

Hi.
I think keystore is very important in crypto operations.
but it is out-of-scope.

how much secure the keystore?
will it have backward compatibility of windows CSP or NSS?
can we protect keystore with PIN protected?

many things are unclear.

if the keystore is unsafe or not acceptable, many features in webcrypto
spec will be unusable.

can we touch the keystore security requirements?
can we move some part of keystore to in-scope?

regards
mountie.

-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Wednesday, 23 October 2013 01:22:33 UTC