W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2010

[whatwg] Proposal for secure key-value data stores

From: Dirk Pranke <dpranke@chromium.org>
Date: Tue, 30 Mar 2010 15:09:05 -0700
Message-ID: <w2g3726d1bf1003301509j352b48beve6f28dbda27bd1d7@mail.gmail.com>
On Tue, Mar 30, 2010 at 2:06 PM, Nicholas Zakas <nzakas at yahoo-inc.com> wrote:
> Yes, that's precisely what I'm talking about. It seems to me that this will end up being a pretty common pattern (encrypting/decrypting data stored locally).
> The idea behind letting the key to be defined by the developer is to allow any usage that developers deem appropriate for the situation. For example, one might want to only use a server-generated key to access the data, in which case this data won't be available offline but will be used to supplement the online behavior. Another might determine the key based on some information in a cookie, which is less secure but does allow offline access while also ensuring that if the cookie changes or is deleted, the data remains secure.
> The idea behind the expiration date is to allow developers to be sure the data won't stay around on disk indefinitely. Think about the Internet caf? use case where people are repeatedly logging in and out - we don't want everyone's data living on that computer for however many years it's in use.
> One way or another, I think JavaScript crypto is going to be important in the next few years.

Perhaps we should instead focus on a set of JS Crypto APIs, since that
is largely orthogonal to the storage APIs?

-- Dirk
Received on Tuesday, 30 March 2010 15:09:05 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:22 UTC