On 8/29/12 11:35 AM, "Ryan Sleevi" <sleevi@google.com<mailto:sleevi@google.com>> wrote:
On Wed, Aug 29, 2012 at 10:02 AM, Lu HongQian Karen
<karen.lu@gemalto.com<mailto:karen.lu@gemalto.com>> wrote:
Hi Ryan,
I agree with you that Issue-30 needs more elaboration.
Regarding to keylocation, I was thinking
Enum keyLocation {
None, // unspecified
Browser, // browser's storage
Local, // local storage other than browser's
CryptoProvider // complexity: a user agent may have more than one cryptoProviders
};
The distinction between "Local" and "CryptoProvider" is fundamentally
flawed in assuming an implementation detail - since an implementation
may access "Local" (which I assume to mean 'OS storage', but in fact
can mean much more) storage via CryptoProviders.
In fact, all Browser storage is could simply be another CryptoProvider.
Note that the reason we are down this path is so that the application can limit the keys it wants the user to select. If you look at it, fundamentally, it is based on a provisioning model the app uses. Thus if the app provisioning does not include direct browser memory (regardless of what crypto provider the browser users), and only includes smart cards (external), then the app wants to search for 'external' keys only.
We are not talking about how browsers implement their storage – but how applications treat that storage. Its a question of key provisioning and trust models used.
So now we're down to only two (meaningful to web application) flags
enum {
None,
CryptoProvider
};
And since you may have multiple cryptoproviders, suddenly you need
ways to disambiguate crypto providers, and now you're back to an API
that requires providers, which has been repeatedly agreed that is not
a focus of this WG nor something that can be reliably implemented
across user agents.
Received on Wednesday, 29 August 2012 18:04:13 UTC