structured cloning of key object and control from Mountie Lee on 2014-03-05 (public-webcrypto@w3.org from March 2014)

From: Mountie Lee <mountie@paygate.net>
Date: Wed, 5 Mar 2014 09:44:34 +0900
To: Web Cryptography Working Group <public-webcrypto@w3.org>
Message-ID: <CAE-+aYJyDzuZ=MaRk74VmumwkCTwzPMaLQ=hezYRvjjDLb=Pzw@mail.gmail.com>

Hi.
I have some questions.

still I'm trying to find best solutions for SOP issue from current
specifications.

when the key object is cloned and sent to different window of different
site via postMessage,
can we control the cloned object?

the control means
set max age
restrict key usage
set max key use count
...

when the cloned key object (not key raw material) was sent to window of
untrusted site,
the key will be exposed to risk.

regards
mountie.

-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Wednesday, 5 March 2014 00:45:19 UTC