- From: <bugzilla@jessica.w3.org>
- Date: Fri, 16 May 2014 21:24:15 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721 --- Comment #9 from elijah@riseup.net --- > The Web Service should have access to whatever the Web Service created - the > same way it has access to Indexed DB, the same way it has access to cookies, > the same way it has access to DOM nodes it creates. The origin web service did not create my private keys, it requested to have them created. This is a very important distinction. Keys are different than cookies or local storage, they are much more like location data. Otherwise, there is no point at all for any of the key stuff in WebCrypto: if keys were like cookies, then the keys should always just get generated on the server and sent to the client. Why isn't this the model of WebCrypto? Because keys are not like cookies, because it would be ridiculous to write an API that just said "generate keys on the server". Once you make the decision to allow client-side key generation, these keys suddenly become something very different than everything else dictated by the origin, they become something that the client should be able to control. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Friday, 16 May 2014 21:24:17 UTC