[security-dev] input on bearer tokens and cookies
Bruno Oliveira
bruno at abstractj.org
Thu Dec 13 05:00:42 EST 2012
They will…in 2014 :)
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
On Wednesday, December 12, 2012 at 10:00 PM, Anil Saldhana wrote:
> On 12/12/2012 05:54 PM, Bill Burke wrote:
> >
> > On 12/12/2012 6:46 PM, Anil Saldhana wrote:
> > > On 12/12/2012 05:31 PM, Bill Burke wrote:
> > > > Anil.............I know WTF PKI and symetric keys are......
> > >
> > >
> > > Bill, the links on sym and pki were for others. Not you. :) Remember
> > > there are others who are reading
> > > the emails silently without answering. ;)
> >
> >
> > Fair enough, apologies. :)
>
> <gangnam-style/> See below.
> >
> > > > My question was, why would a browser Javascript app need to use private
> > > > keys?
> > >
> > >
> > > Maybe this use case is bogus. I am just thinking aloud.
> >
> > Ya same, I'm also curious to know if this use case is bogus or not,
> > hence my question.
>
>
> I know this question of JS and Private Key storage has popped up in this
> W3C Web Crypto WG
> (http://www.w3.org/2011/11/webcryptography-charter.html) where Bruno and
> I are part of. I am not following all the emails that flow in there.
> Based on this WG recommendations, the browsers are going to add support
> for secure storage for PKI in the browser. Maybe this usecase is not
> bogus but not possible to implement now due to the gap in browser support.
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org (mailto:security-dev at lists.jboss.org)
> https://lists.jboss.org/mailman/listinfo/security-dev
More information about the security-dev
mailing list