[Bug 25621] New: Provide better explanation for the concerns of Section 6 from bugzilla@jessica.w3.org on 2014-05-09 (public-webcrypto@w3.org from May 2014)

From: <bugzilla@jessica.w3.org>
Date: Fri, 09 May 2014 00:28:32 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25621-7213@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25621

            Bug ID: 25621
           Summary: Provide better explanation for the concerns of Section
                    6
           Product: Web Cryptography
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Web Cryptography API Document
          Assignee: sleevi@google.com
          Reporter: sleevi@google.com
                CC: domenic@domenicdenicola.com, public-webcrypto@w3.org

Section 6 was largely drafted prior to the extraction of explicit key storage,
and during the discussions of Named Key Discovery (
http://www.w3.org/TR/webcrypto-key-discovery/ )

This was raised as a concern during the W3C TAG review (
https://github.com/w3ctag/spec-reviews/issues/3#issuecomment-41521737 )

The security/privacy concerns of the base specification should be updated to
reflect the fact that
  - The core specification does not provide any notion of key storage or
persistent key access
  - There are significant concerns for any specification that does

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Friday, 9 May 2014 00:28:34 UTC