ISSUE-19: Does it make sense to have authorized-origin and specific-origin keys

origin-bound key

State: CLOSED
Product: key definition for Web Crypto API
Raised by: Virginie GALINDO
Opened on: 2012-08-13
Description:
In a mail thread under the topic of 'origin-bound key' there was a discussion about the possibility and the consistency of having keys associated with a specific origin, and how this would work when wanting to migrate that key from one service to another.
See http://lists.w3.org/Archives/Public/public-webcrypto/2012Aug/0030.html and related thread under the public mailing list.

The group has to make a decision on the need for such a feature.
Related Action Items:
No related actions
Related emails:
  1. Re: ISSUE-9 [was Re: ISSUE-30: Key import/export?] (from hhalpin@w3.org on 2013-03-04)
  2. Re: ISSUE-9 [was Re: ISSUE-30: Key import/export?] (from watsonm@netflix.com on 2013-03-04)
  3. Re: ISSUE-9 [was Re: ISSUE-30: Key import/export?] (from hhalpin@w3.org on 2013-03-04)
  4. Re: ISSUE-9 [was Re: ISSUE-30: Key import/export?] (from watsonm@netflix.com on 2013-03-04)
  5. ISSUE-9 [was Re: ISSUE-30: Key import/export?] (from hhalpin@w3.org on 2013-03-04)
  6. Re: ISSUE-19 is expecting proposal or will be postponed (from rbarnes@bbn.com on 2013-02-27)
  7. Re: PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access (from mountie.lee@mw2.or.kr on 2013-02-26)
  8. Re: ISSUE-30: Key import/export? (from mountie.lee@mw2.or.kr on 2013-02-26)
  9. Re: PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access (from sleevi@google.com on 2013-02-25)
  10. Re: ISSUE-30: Key import/export? (from sleevi@google.com on 2013-02-25)
  11. Re: ISSUE-30: Key import/export? (from sleevi@google.com on 2013-02-25)
  12. ISSUE-30: Key import/export? (from hhalpin@w3.org on 2013-02-25)
  13. ISSUE-19 is expecting proposal or will be postponed (from Virginie.GALINDO@gemalto.com on 2013-02-25)
  14. W3C Web Crypto WG - classifying issues (from Virginie.GALINDO@gemalto.com on 2013-02-18)
  15. PROPOSAL: CLOSE ISSUE-40: How should we define key discovery, noting asynchronicity (from Virginie.GALINDO@gemalto.com on 2013-02-11)
  16. Re: PROPOSAL: Move ISSUE-40: How should we define key discovery, noting asynchronicity ( was Re: W3C Web Crypto WG - classifying issues ) (from watsonm@netflix.com on 2013-02-11)
  17. Re: PROPOSAL: Close ISSUE-19 - Does it make sense to have authorized-origin and specific-origin keys (from rbarnes@bbn.com on 2013-02-08)
  18. Re: W3C Web Crypto WG - classifying issues (from sleevi@google.com on 2013-02-07)
  19. Re: PROPOSAL: Move ISSUE-40: How should we define key discovery, noting asynchronicity ( was Re: W3C Web Crypto WG - classifying issues ) (from sleevi@google.com on 2013-02-07)
  20. Re: PROPOSAL: Move Issue-25: How do we provision a globally unique ID (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  21. Re: PROPOSAL: Close ISSUE-19 - Does it make sense to have authorized-origin and specific-origin keys (from sleevi@google.com on 2013-02-07)
  22. PROPOSAL: ??? ISSUE-24: Defining a synchronous API (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  23. PROPOSAL: Move Issue-25: How do we provision a globally unique ID (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  24. PROPOSAL: Postpone ISSUE-26: Should key generation be allowed to specify multi-origin access (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  25. PROPOSAL: Move ISSUE-30: How does the application know where the key is stored? (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  26. PROPOSAL: Postpone ISSUE-34: Representation of Certificates (was Re: W3C Web Crypto WG - classifying issues) (from sleevi@google.com on 2013-02-07)
  27. PROPOSAL: Move ISSUE-40: How should we define key discovery, noting asynchronicity ( was Re: W3C Web Crypto WG - classifying issues ) (from sleevi@google.com on 2013-02-07)
  28. RE: PROPOSAL: Close ISSUE-19 - Does it make sense to have authorized-origin and specific-origin keys (from Virginie.GALINDO@gemalto.com on 2013-02-07)
  29. RE: PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access (from Virginie.GALINDO@gemalto.com on 2013-02-07)
  30. W3C Web Crypto WG - classifying issues (from Virginie.GALINDO@gemalto.com on 2013-02-07)
  31. Re: PROPOSAL: Close ISSUE-19 - Does it make sense to have authorized-origin and specific-origin keys (from rbarnes@bbn.com on 2013-02-05)
  32. Re: PROPOSAL: Close ISSUE-19 - Does it make sense to have authorized-origin and specific-origin keys (from sleevi@google.com on 2013-02-04)
  33. Re: PROPOSAL: Close ISSUE-19 - Does it make sense to have authorized-origin and specific-origin keys (from rbarnes@bbn.com on 2013-02-04)
  34. Re: PROPOSAL: Close ISSUE-19 - Does it make sense to have authorized-origin and specific-origin keys (from sleevi@google.com on 2013-02-04)
  35. Re: PROPOSAL: Close ISSUE-19 - Does it make sense to have authorized-origin and specific-origin keys (from rbarnes@bbn.com on 2013-02-04)
  36. Re: W3C Web Crypto WG - agenda for our call today @ 20:00 UTC (from watsonm@netflix.com on 2013-02-04)
  37. RE: W3C Web Crypto WG - agenda for our call today @ 20:00 UTC (from Asad.Ali@gemalto.com on 2013-02-04)
  38. Re: W3C Web Crypto WG - agenda for our call today @ 20:00 UTC (from S.Durbha@cablelabs.com on 2013-02-04)
  39. W3C Web Crypto WG - agenda for our call today @ 20:00 UTC (from Virginie.GALINDO@gemalto.com on 2013-02-04)
  40. PROPOSAL: Close ISSUE-19 - Does it make sense to have authorized-origin and specific-origin keys (from sleevi@google.com on 2013-01-31)
  41. Re: Proposal for ISSUE-25 (Globally unique pre-shared keys) (from sleevi@google.com on 2012-10-29)
  42. Re: Proposal for ISSUE-25 (Globally unique pre-shared keys) (from watsonm@netflix.com on 2012-10-29)
  43. Re: Proposal for ISSUE-25 (Globally unique pre-shared keys) (from watsonm@netflix.com on 2012-10-29)
  44. [W3C Web Crypto WG] functional features list in draft API and issue tracker (from Virginie.GALINDO@gemalto.com on 2012-08-22)
  45. Re: [W3C Web Crypto WG] functional features list in draft API and issue tracker (from sleevi@google.com on 2012-08-21)
  46. [W3C Web Crypto WG] functional features list in draft API and issue tracker (from Virginie.GALINDO@gemalto.com on 2012-08-21)
  47. crypto-ISSUE-19 (origin-bound key): Does it make sense to have authorized-origin and specific-origin keys [Web Cryptography API] (from sysbot+tracker@w3.org on 2012-08-13)

Related notes:

It would seem that between the ability to export and import keys, the use case of a domain transition would seem to be plausible using the API to export and wrap a keypair, then unwrap and import once using the new origin.

We can also recommend that implementers provide an out of band (privileged UI, control panel, etc.) that allows 'blessing' keys created on one domain to be used on another.

David Dahl, 13 Aug 2012, 17:01:13
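
The export-and-wrap, then unwrap-and-import flow mentioned in the note above, as an added example that is not part of the tracker page or the Working Group's text. It uses the Web Crypto `wrapKey`/`unwrapKey` calls, simulates both origins in one process, and assumes a wrapping key (`kek`, a name chosen here) that both origins already share.

```javascript
// Added example (not from the tracker page). Both "origins" are simulated in
// one process; the shared wrapping key `kek` is an assumption of this sketch.
async function getCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

async function migrateKeyPair() {
  const c = await getCrypto();
  const ecdsa = { name: 'ECDSA', namedCurve: 'P-256' };
  const sigAlg = { name: 'ECDSA', hash: 'SHA-256' };
  const freshGcm = () => ({ name: 'AES-GCM', iv: c.getRandomValues(new Uint8Array(12)) });

  // Old origin: the key pair must have been created extractable to be movable.
  const oldPair = await c.subtle.generateKey(ecdsa, true, ['sign', 'verify']);
  // Wrapping key, itself non-extractable and limited to wrap/unwrap.
  const kek = await c.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
  const wrapAlg = freshGcm();

  // Export and wrap in one step: the PKCS#8 bytes never reach script in the clear.
  const wrapped = await c.subtle.wrapKey('pkcs8', oldPair.privateKey, kek, wrapAlg);

  // New origin: unwrap and import once, as non-extractable and sign-only.
  const migrated = await c.subtle.unwrapKey(
    'pkcs8', wrapped, kek, wrapAlg, ecdsa, false, ['sign']);

  // Same key material: a signature from the migrated key verifies under the
  // public key issued at the old origin.
  const msg = new TextEncoder().encode('constructed test message');
  const sig = await c.subtle.sign(sigAlg, migrated, msg);
  const signatureVerifies = await c.subtle.verify(sigAlg, oldPair.publicKey, sig, msg);

  // Failure mode: a key generated non-extractable cannot be wrapped at all.
  const locked = await c.subtle.generateKey(ecdsa, false, ['sign', 'verify']);
  let lockedWrapRejected = false;
  try {
    await c.subtle.wrapKey('pkcs8', locked.privateKey, kek, freshGcm());
  } catch (e) {
    lockedWrapRejected = true;
  }
  return { signatureVerifies, migratedExtractable: migrated.extractable, lockedWrapRejected };
}
```

The last step shows the design constraint behind the issue: migration through the API is only possible for keys created extractable, so a site that wants movable keys gives up non-extractability at the old origin.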
