- From: <bugzilla@jessica.w3.org>
- Date: Mon, 19 May 2014 23:29:11 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25710 --- Comment #3 from Ryan Sleevi <sleevi@google.com> --- (In reply to Matt Miller from comment #2) > As a user of the API, I do find it worthwhile to be able to explicitly > invalidate a key. However, since the WG consensus seems to be to rely on > ECMAScript's object lifetime, I can live with this for now. It would help > users of the API if that it were stated, even non-normatively. What's the use case for explicitly invalidating? How is explicit invalidation meant to operate - when the user has multiple tabs open - when the user has postMessage()'d the key to a worker - when the user has postMessage()'d the key to another origin Note that answering any of these questions implies assumptions about a storage model, which as you noted, is something we've attempted assiduously to avoid. IndexedDB has largely addressed these (with a significant bit of complexity added to the underlying HTML spec to handle database locking semantics). Likewise, other APIs have outright refused to create multi-context aware objects (eg: ArrayBuffer being Transferrable, rather than Cloneable) for this reason. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Monday, 19 May 2014 23:29:13 UTC