[Bug 25721] extractable keys should be disabled by default


--- Comment #2 from elijah@riseup.net ---
> I'm afraid you've misunderstood this specification. Keys created with this API are not like location, are not sensitive, and do not require UI confirmation. That's because the keys exposed by this API (as opposed to, say, Key Discovery, which is not part of this specification) are created at the request of the origin.

Yes, obviously, I understand perfectly well. Everyone on the internet is
concerned with privacy, and this means NOT trusting the origin for everything.
The origin should be able to request that keys are created, and use those keys,
but should not have the raw key unless the user wants them to.

> Every operation permitted or exposed by this API is an operation that could be implemented within Javascript today - with greater risk (to the site operator, not the user), but possible.

Exactly the point! Allowing key extraction makes the key handling basically no
better than what we have today, with the added false sense of security.


Received on Thursday, 15 May 2014 06:07:12 UTC