PROPOSAL: Close ISSUE-26 - Should key generation be allowed to specify multi-origin shared access from Ryan Sleevi on 2013-01-31 (public-webcrypto@w3.org from January 2013)

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 31 Jan 2013 11:18:26 -0800
To: public-webcrypto@w3.org
Message-ID: <CACvaWvYWntbRfKdXDTRLD7cSa2gBJdBdmuhKxpf3Ey8szGoUiw@mail.gmail.com>

http://www.w3.org/2012/webcrypto/track/issues/26

I would like to propose that we CLOSE Issue-26.

There have been no proposals put forward on how to securely address
multi-origin shared access. Further, such provisioning opens up a host
of security concerns that the use cases used to justify such access
are not compatible with.

In the current specification, multi-origin applications may make use
of secure messaging exchanges, such as postMessage, to transition
across security domains, without requiring the granting of a single
origin full access to either plaintext or to keying material.

As such, absent both concrete use cases and proposals, I propose that
this issue be closed.

Received on Thursday, 31 January 2013 19:18:53 UTC