[security-dev] input on bearer tokens and cookies

Bruno Oliveira bruno at abstractj.org
Thu Dec 13 05:00:42 EST 2012


They will…in 2014 :)  


--  
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile



On Wednesday, December 12, 2012 at 10:00 PM, Anil Saldhana wrote:

> On 12/12/2012 05:54 PM, Bill Burke wrote:
> >  
> > On 12/12/2012 6:46 PM, Anil Saldhana wrote:
> > > On 12/12/2012 05:31 PM, Bill Burke wrote:
> > > > Anil.............I know WTF PKI and symetric keys are......
> > >  
> > >  
> > > Bill, the links on sym and pki were for others. Not you. :) Remember
> > > there are others who are reading
> > > the emails silently without answering. ;)
> >  
> >  
> > Fair enough, apologies. :)
>  
> <gangnam-style/> See below.
> >  
> > > > My question was, why would a browser Javascript app need to use private
> > > > keys?
> > >  
> > >  
> > > Maybe this use case is bogus. I am just thinking aloud.
> >  
> > Ya same, I'm also curious to know if this use case is bogus or not,
> > hence my question.
>  
>  
> I know this question of JS and Private Key storage has popped up in this  
> W3C Web Crypto WG  
> (http://www.w3.org/2011/11/webcryptography-charter.html) where Bruno and  
> I are part of. I am not following all the emails that flow in there.  
> Based on this WG recommendations, the browsers are going to add support  
> for secure storage for PKI in the browser. Maybe this usecase is not  
> bogus but not possible to implement now due to the gap in browser support.
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org (mailto:security-dev at lists.jboss.org)
> https://lists.jboss.org/mailman/listinfo/security-dev






More information about the security-dev mailing list