- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Fri, 05 Dec 2014 11:19:25 -0500
- To: public-webpayments@w3.org
On 12/05/2014 11:07 AM, Manu Sporny wrote: > On 12/05/2014 09:48 AM, Melvin Carvalho wrote: >> Are you saying that all key material is governed by same origin >> policy? > >> So what's the difference between this and just using localStorage? > There is effectively no difference. Depends on the meaning of "effectively". There is a slight difference -- my understanding is that with WebCrypto the server has no access to the key material itself, which means it can't take the key offline and do whatever it wants with it. Rather, it needs you to visit the server (hit the site in your browser) ... and then it can do whatever it wants with it. So there is a subtle difference there that brings slightly more security, but probably not the degree of security some may expect. -- Dave Longley CTO Digital Bazaar, Inc. http://digitalbazaar.com
Received on Friday, 5 December 2014 16:19:50 UTC