Re: [security-dev] input on bearer tokens and cookies

On 12/12/2012 05:54 PM, Bill Burke wrote: > > On 12/12/2012 6:46 PM, Anil Saldhana wrote: > > On 12/12/2012 05:31 PM, Bill Burke wrote: > > > Anil.............I know WTF PKI and symetric keys are...... > > > > > > Bill, the links on sym and pki were for others. Not you. :) Remember > > there are others who are reading > > the emails silently without answering. ;) > > > Fair enough, apologies. :) <gangnam-style/> See below. > > > > My question was, why would a browser Javascript app need to use private > > > keys? > > > > > > Maybe this use case is bogus. I am just thinking aloud. > > Ya same, I'm also curious to know if this use case is bogus or not, > hence my question. I know this question of JS and Private Key storage has popped up in this W3C Web Crypto WG (http://www.w3.org/2011/11/webcryptography-charter.html) where Bruno and I are part of. I am not following all the emails that flow in there. Based on this WG recommendations, the browsers are going to add support for secure storage for PKI in the browser. Maybe this usecase is not bogus but not possible to implement now due to the gap in browser support. _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org (mailto:security-dev@lists.jboss.org) https://lists.jboss.org/mailman/listinfo/security-dev