[Bug 25721] extractable keys should be disabled by default


--- Comment #7 from Ryan Sleevi <sleevi@google.com> ---
(In reply to elijah from comment #6)
> > And the application author - NOT the user - is capable of making this tradeoff.
> > There is zero value in presenting to the user, which is why this is INVALID.
> This is the very crux of the matter. Does choosing to run a javascript
> application mean that the user must accept all the choices made by this
> application? 

Yes. This is how the Web works.

> The answer should be a resounding NO. In the real world, we are often not
> presented with rational choices where we can decide not to use a particular
> website. Imagine, for example, my bank sends me documents that need to be
> digitally signed. They use the services of a web service that does secure
> digital signatures of documents. I don't have a meaningful choice to not use
> the web service, but I should be given the choice if the web service is
> allowed access to my private keys generated by that origin.

Again, private keys generated by that origin.

Data generated by that origin - whether it be DOM Nodes, Javascript variables,
or keys - ARE automatically trusted for that origin. It is only when something
comes from outside that space - such as from the User Agent (e.g. getUserMedia,
geolocation, File API) do things like permissions make sense.

I'm sorry, but this is an INVALID bug.

The Web Service should have access to whatever the Web Service created - the
same way it has access to Indexed DB, the same way it has access to cookies,
the same way it has access to DOM nodes it creates.

This is really quite fundamental to how the web works. Reopening this bug is
not going to change this.

You are receiving this mail because:
You are on the CC list for the bug.

Received on Friday, 16 May 2014 21:04:10 UTC