[security-dev] input on bearer tokens and cookies

Anil Saldhana Anil.Saldhana at redhat.com
Wed Dec 12 19:00:20 EST 2012

On 12/12/2012 05:54 PM, Bill Burke wrote:
> On 12/12/2012 6:46 PM, Anil Saldhana wrote:
>> On 12/12/2012 05:31 PM, Bill Burke wrote:
>>> Anil.............I know WTF PKI and symetric keys are......
>> Bill, the links on sym and pki were for others. Not you. :) Remember
>> there are others who are reading
>> the emails silently without answering. ;)
> Fair enough, apologies. :)
<gangnam-style/>  See below.
>>> My question was, why would a browser Javascript app need to use private
>>> keys?
>> Maybe this use case is bogus.  I am just thinking aloud.
> Ya same, I'm also curious to know if this use case is bogus or not,
> hence my question.
I know this question of JS and Private Key storage has popped up in this 
W3C Web Crypto WG 
(http://www.w3.org/2011/11/webcryptography-charter.html) where Bruno and 
I are part of.  I am not following all the emails that flow in there.  
Based on this WG recommendations, the browsers are going to add support 
for secure storage for PKI in the browser. Maybe this usecase is not 
bogus but not possible to implement now due to the gap in browser support.

More information about the security-dev mailing list