- From: <bugzilla@jessica.w3.org>
- Date: Mon, 28 Jul 2014 21:45:12 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721 --- Comment #23 from Tom Lowenthal <me@tomlowenthal.com> --- Ryan, I chose my words carefully. I said “trustworthy” not “secure”. I think that the option of extractable keys makes it harder for applications built on this API to be worthy of users' trust. As you say — if someone wants to make a key which they can extract, they can do that right now. My objection is based on the firm belief that the ability to extract keys is a harmful design pattern. I think that this choice would give developers enough rope to shoot themselves in the foot which would be harmful to web security. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Monday, 28 July 2014 21:45:13 UTC