Re: P2P Payments

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Fri, 05 Dec 2014 11:19:25 -0500
Message-ID: <5481DB0D.5050705@digitalbazaar.com>
To: public-webpayments@w3.org

On 12/05/2014 11:07 AM, Manu Sporny wrote:
> On 12/05/2014 09:48 AM, Melvin Carvalho wrote:
>> Are you saying that all key material is governed by same origin
>> policy?
>> So what's the difference between this and just using localStorage?
> There is effectively no difference.

Depends on the meaning of "effectively". There is a slight difference -- 
my understanding is that with WebCrypto the server has no access to the 
key material itself, which means it can't take the key offline and do 
whatever it wants with it. Rather, it needs you to visit the server (hit 
the site in your browser) ... and then it can do whatever it wants with 
it. So there is a subtle difference there that brings slightly more 
security, but probably not the degree of security some may expect.

Dave Longley
Digital Bazaar, Inc.
Received on Friday, 5 December 2014 16:19:50 UTC
