[Bug 25721] extractable keys should be disabled by default


--- Comment #16 from Tom Lowenthal <me@tomlowenthal.com> ---
These concerns are not based on a misunderstanding. Instead, they are only
considered unrealistic because of an overly-contrained formal threat model
which is manifoldly incompatible with plausible threats.

I also formally object to the inclusion of extractable keys as a required
component of this API.

My objection could be mitigated by normatively recommending that browsers
engage in user-interaction both when generating an extractable key and when it
is requested that such a key be exported. A normative description of additional
API parameters 

In addition, a non-normative recommendation should be given than web
applications which request the generation of an extractable key check to see
whether the key generated in this way has the extractabe flag. This would allow
for the UA behavior of allowing a generation request for an extractable key to
be resolved with a non-extractable key if the user chooses.

I think that browsers' user prompts for location information are a completely
appropriate basic model for these types of requests.

You are receiving this mail because:
You are on the CC list for the bug.

Received on Wednesday, 21 May 2014 00:10:08 UTC