[Remote CryptoKeys] “remote” CryptoKeys should be renamed, suggest “syncable” #111
Comments
We agree that “remote” may not be the correct term for these keys. However, it seems that it should be observable from the browser’s perspective that the key material exists in memory that is inaccessible to the browser. Another related property of these keys that should be observable is that they’re long lived. Clearing browser storage should not delete the actual key material (even if the |
FWIW, in #110 I proposed |
Will ExternalKey make sense? External means this key is not in browser memory; the keys can be stored in TPM/TEE/SE or other external devices (via PKCS#11).
Please let's consider another perspective: OS-native keyrings. These are already available on users' computers and support integrations with hardware wallets, etc., making them valuable to include. Regarding terminology, I'm not sure "External" is the best choice. It implies something outside the browser, but that may not be clear to users and could instead evoke the idea of an external device. Perhaps the core issue lies in distinguishing between browser-based and non-browser keyrings. However, since browsers don’t provide standardized embedded keyrings, this distinction might not be necessary or intuitive. What about using |
There’s no spec-meaningful way here in which the keys specified are “remote”. Specs can’t define where the key material is at rest or in memory. The distinct property of these keys that is observable and not an implementation detail is that they can sync between the user’s devices. A potential secondary benefit is that they can be written or read by certain native apps, but we may need a registry specifying how this is done for each distinct platform.