2010-12-01 21:43 EEST: Aryeh Gregor:
On Tue, Nov 30, 2010 at 6:15 PM, Ian Hickson i...@hixie.ch wrote:
It cannot, and should not. It's a user concern. If as a user I want all
data that you send me to be printed unencrypted and dropped out of my
office window for anyone to read, then I should
On Tue, Nov 30, 2010 at 6:15 PM, Ian Hickson i...@hixie.ch wrote:
It cannot, and should not. It's a user concern. If as a user I want all
data that you send me to be printed unencrypted and dropped out of my
office window for anyone to read, then I should be allowed to do that. :-)
It's
On Tue, 17 Aug 2010, Evan Ireland wrote:
I might wish to build an offline web application which will refuse to
operate if the browser cannot guarantee that the database is encrypted.
Now full-disk encryption would be fine (if the O/S has a power-on
password), but how can my web application
On Aug 16, 2010, at 6:58 PM, Ian Hickson wrote:
On Tue, 30 Mar 2010, Nicholas Zakas wrote:
In attempting to use localStorage at work, we ran into some major
security issues. Primary among those are the guidelines we have in place
regarding personalized user data. The short story is that
On Tue, Aug 17, 2010 at 4:00 AM, Jeremy Orlow jor...@chromium.org wrote:
On Tue, Aug 17, 2010 at 12:31 AM, Dirk Pranke dpra...@chromium.org wrote:
On Mon, Aug 16, 2010 at 3:58 PM, Ian Hickson i...@hixie.ch wrote:
On Tue, 30 Mar 2010, Dirk Pranke wrote:
Nicholas is almost certainly
On Tue, 30 Mar 2010, Nicholas Zakas wrote:
In attempting to use localStorage at work, we ran into some major
security issues. Primary among those are the guidelines we have in place
regarding personalized user data. The short story is that personalized
data cannot be stored on disk unless
of the database API so we can be confident that database storage is secure.
-Original Message-
From: Ian Hickson [mailto:i...@hixie.ch]
Sent: Tuesday, 17 August 2010 10:58 a.m.
To: whatwg@lists.whatwg.org
Subject: [whatwg] Proposal for secure key-value data stores
On Tue, 30 Mar 2010
On Mon, Aug 16, 2010 at 3:58 PM, Ian Hickson i...@hixie.ch wrote:
On Tue, 30 Mar 2010, Dirk Pranke wrote:
Nicholas is almost certainly discussing the case where the service
provider requires any data stored on a customer's computer to be
encrypted, not the provider's own computers. (e.g.,
On Tue, 6 Apr 2010, Jeremy Orlow wrote:
On Wed, Mar 31, 2010 at 1:13 AM, Nicholas Zakas wrote:
It would be really nice if, in addition to having access to crypto
functions, there was an area where I could stick data that would get
encrypted automatically (and of course, where I could
...@lists.whatwg.org
[mailto:whatwg-boun...@lists.whatwg.org] On Behalf Of Jeremy Orlow
Sent: Thursday, April 08, 2010 7:49 AM
To: Paul Kinlan
Cc: whatwg@lists.whatwg.org; Dirk Pranke; Nicholas Zakas; Jonas Sicking;
Eric Uhrhane
Subject: Re: [whatwg] Proposal for secure key-value data stores
This is getting
, April 08, 2010 3:14 AM
To: Jonas Sicking
Cc: whatwg@lists.whatwg.org; Dirk Pranke; Nicholas Zakas; Eric Uhrhane
Subject: Re: [whatwg] Proposal for secure key-value data stores
On Thu, Apr 8, 2010 at 2:10 AM, Jonas Sicking jo...@sicking.cc wrote:
On Wed, Apr 7, 2010 at 5:44 PM, Jeremy Orlow jor
Sicking
*Cc:* whatwg@lists.whatwg.org; Dirk Pranke; Nicholas Zakas; Eric Uhrhane
*Subject:* Re: [whatwg] Proposal for secure key-value data stores
On Thu, Apr 8, 2010 at 2:10 AM, Jonas Sicking jo...@sicking.cc wrote:
On Wed, Apr 7, 2010 at 5:44 PM, Jeremy Orlow jor...@chromium.org wrote:
I
On Wed, Apr 14, 2010 at 5:23 PM, Nicholas Zakas nza...@yahoo-inc.com wrote:
I tried to articulate some of my thoughts as to why a generate purpose
crypto isn’t enough to be useful and why trying to tack onto local storage
could get messy:
On Thu, Apr 8, 2010 at 2:10 AM, Jonas Sicking jo...@sicking.cc wrote:
On Wed, Apr 7, 2010 at 5:44 PM, Jeremy Orlow jor...@chromium.org wrote:
I don't think this is enough of a
problem to kill the feature though.
I think this is a good feature to try and integrate into existing APIs if
Hi,
I have a specific use-case where encryption is required, and currently the
only solution is to find a JS library that can encrypt the data on the way
in or way out of storage.
The main cases I have:
1. Storage needs to be encrypted on disk, device etc.
2. Data needs to be in decrypted
This is getting fairly tiresome. If you're interested in continuing this
thread, please actually read the replies thus far and directly respond to
the points rather than re-stating what's already been rebutted.
On Thu, Apr 8, 2010 at 3:17 PM, Paul Kinlan paulkin...@google.com wrote:
Hi,
I
@lists.whatwg.org; Dirk Pranke
Subject: Re: [whatwg] Proposal for secure key-value data stores
Sorry for misunderstanding your original suggestion.
On Wed, Mar 31, 2010 at 1:13 AM, Nicholas Zakas nza...@yahoo-inc.com wrote:
I certainly can't argue against a focus on JS crypto. :) What I'd like
Zakas
Cc: whatwg@lists.whatwg.org; Dirk Pranke
Subject: Re: [whatwg] Proposal for secure key-value data stores
Sorry for misunderstanding your original suggestion.
On Wed, Mar 31, 2010 at 1:13 AM, Nicholas Zakas nza...@yahoo-inc.com
wrote:
I certainly can't argue against a focus on JS
Subject: Re: [whatwg] Proposal for secure key-value data stores
Sorry for misunderstanding your original suggestion.
On Wed, Mar 31, 2010 at 1:13 AM, Nicholas Zakas nza...@yahoo-inc.com
wrote:
I certainly can't argue against a focus on JS crypto. :) What I'd like to
do
is eliminate
On Wed, Apr 7, 2010 at 4:29 PM, Jeremy Orlow jor...@chromium.org wrote:
In regards to data expiration, part of ensuring the security of data is
knowing how long it will be stored on disk. If I let someone borrow my
computer to check their email, and the email client happens to save some
On Thu, Apr 8, 2010 at 12:48 AM, Jonas Sicking jo...@sicking.cc wrote:
On Wed, Apr 7, 2010 at 4:29 PM, Jeremy Orlow jor...@chromium.org wrote:
In regards to data expiration, part of ensuring the security of data
is
knowing how long it will be stored on disk. If I let someone borrow my
On Thu, Apr 8, 2010 at 1:09 AM, Jonas Sicking jo...@sicking.cc wrote:
On Wed, Apr 7, 2010 at 4:54 PM, Jeremy Orlow jor...@chromium.org wrote:
On Thu, Apr 8, 2010 at 12:48 AM, Jonas Sicking jo...@sicking.cc wrote:
On Wed, Apr 7, 2010 at 4:29 PM, Jeremy Orlow jor...@chromium.org
wrote:
for secure key-value data stores
On Tue, Mar 30, 2010 at 2:06 PM, Nicholas Zakas nza...@yahoo-inc.com
wrote:
Yes, that's precisely what I'm talking about. It seems to me that this
will end up being a pretty common pattern (encrypting/decrypting data stored
locally).
The idea behind letting
Hi everyone,
In attempting to use localStorage at work, we ran into some major
security issues. Primary among those are the guidelines we have in place
regarding personalized user data. The short story is that personalized
data cannot be stored on disk unless it's encrypted using a
Most companies that have such policies enforce them with software that
encrypts your home directory (or entire hard drive). Since most (all?)
browsers store such data within a users home directory, that should be
sufficient for the specific case you're mentioning. (Well, except
for expiration.)
On Tue, Mar 30, 2010 at 12:19 PM, Jeremy Orlow jor...@chromium.org wrote:
Lastly, we really should not be creating new APIs that are synchronous that
involve multiple top level windows (like LocalStorage and this API you're
proposing). It makes it very difficult to achieve isolation and
Nicholas is almost certainly discussing the case where the service
provider requires any data stored on a customer's computer to be
encrypted, not the provider's own computers. (e.g., this could be a
Yahoo! policy that data stored on Yahoo! users' computers must be
encrypted).
Hence they cannot
: [whatwg] Proposal for secure key-value data stores
Nicholas is almost certainly discussing the case where the service
provider requires any data stored on a customer's computer to be
encrypted, not the provider's own computers. (e.g., this could be a
Yahoo! policy that data stored on Yahoo! users
To: Nicholas Zakas
Cc: whatwg@lists.whatwg.org; Jeremy Orlow
Subject: Re: [whatwg] Proposal for secure key-value data stores
On Tue, Mar 30, 2010 at 2:06 PM, Nicholas Zakas nza...@yahoo-inc.com wrote:
Yes, that's precisely what I'm talking about. It seems to me that this will
end up being a pretty
29 matches
Mail list logo