[Bug 25721] extractable keys should be disabled by default

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721

--- Comment #14 from elijah@riseup.net ---
Ryan, I understand that you don't personally like the idea of placing
restrictions on extractable keys, but the topic is clearly "within scope". I
just found this in the WebCrypto Charter:

> Primary API Features in scope are... the API should be asynchronous and
> must prevent or control access to secret key material and other sensitive
> cryptographic values and settings.

(http://www.w3.org/2011/11/webcryptography-charter.html)

In light of this, I wish to make a formal objection to the inclusion of
extractable private keys in the WebCrypto API without user agent requirements
to disable this by default or require user consent.

Received on Monday, 19 May 2014 23:07:48 UTC