- From: Mountie Lee <mountie.lee@mw2.or.kr>
- Date: Fri, 1 Feb 2013 10:19:41 +0900
- To: Ryan Sleevi <sleevi@google.com>
- Cc: public-webcrypto@w3.org
- Message-ID: <CAE-+aY+H=e5Mm4Wqu79BKk-hY7MazOgXqLKixQLb604kSoatNg@mail.gmail.com>
from the previous discussions I remember we have two proposals for this issue. one is allowing multi-origin shared acces for certificate associated case. second is allowing multi-origin shared access by user consent the reason why this issue is important is in the online banking usecases. users generate keypair at CA website and get certificate. and the certificate-private key pair should be used at other bank sites for signing document or verifying signature. as compared to TLS certificate usecases, it is also common sense. generating and getting certificate from CA site and using it at different site On Fri, Feb 1, 2013 at 4:18 AM, Ryan Sleevi <sleevi@google.com> wrote: > http://www.w3.org/2012/webcrypto/track/issues/26 > > I would like to propose that we CLOSE Issue-26. > > There have been no proposals put forward on how to securely address > multi-origin shared access. Further, such provisioning opens up a host > of security concerns that the use cases used to justify such access > are not compatible with. > > In the current specification, multi-origin applications may make use > of secure messaging exchanges, such as postMessage, to transition > across security domains, without requiring the granting of a single > origin full access to either plaintext or to keying material. > > As such, absent both concrete use cases and proposals, I propose that > this issue be closed. > > -- Mountie Lee PayGate CTO, CISSP Tel : +82 2 2140 2700 E-Mail : mountie@paygate.net ======================================= PayGate Inc. THE STANDARD FOR ONLINE PAYMENT for Korea, Japan, China, and the World
Received on Friday, 1 February 2013 01:49:14 UTC