W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2014

[Bug 25721] extractable keys should be disabled by default

From: <bugzilla@jessica.w3.org>
Date: Mon, 19 May 2014 23:07:46 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25721-7213-tfSbLXCwiQ@http.www.w3.org/Bugs/Public/>

--- Comment #14 from elijah@riseup.net ---
Ryan, I understand that you don't personally like the idea of placing
restrictions on extractable keys, but the topic is clearly "within scope". I
just found this in the WebCrypto Charter:

> Primary API Features in scope are... the API should be asynchronous and
> must prevent or control access to secret key material and other sensitive
> cryptographic values and settings.


In light of this, I wish to make a formal objection to the inclusion of
extractable private keys in the WebCrypto API without user agent requirements
to disable this by default or require user consent.

You are receiving this mail because:
You are on the CC list for the bug.
Received on Monday, 19 May 2014 23:07:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC