25621 – Provide better explanation for the concerns of Section 6

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 25621 - Provide better explanation for the concerns of Section 6

Summary: Provide better explanation for the concerns of Section 6

Status:	RESOLVED FIXED

Alias:	None

Product:	Web Cryptography
Classification:	Unclassified
Component:	Web Cryptography API Document (show other bugs)
Version:	unspecified
Hardware:	PC All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Ryan Sleevi
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-05-09 00:28 UTC by Ryan Sleevi
Modified:	2014-06-16 23:20 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description Ryan Sleevi 2014-05-09 00:28:32 UTC

Section 6 was largely drafted prior to the extraction of explicit key storage, and during the discussions of Named Key Discovery ( http://www.w3.org/TR/webcrypto-key-discovery/ )

This was raised as a concern during the W3C TAG review ( https://github.com/w3ctag/spec-reviews/issues/3#issuecomment-41521737 )

The security/privacy concerns of the base specification should be updated to reflect the fact that
  - The core specification does not provide any notion of key storage or persistent key access
  - There are significant concerns for any specification that does

Comment 1 Ryan Sleevi 2014-06-16 23:20:13 UTC

https://dvcs.w3.org/hg/webcrypto-api/rev/7a79e816e31b