Re: New "Goals" (use-cases) - Is your use-case there, accurately described? from Stephen Farrell on 2011-12-09 (public-identity@w3.org from December 2011)

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 09 Dec 2011 15:00:41 +0000
To: David Dahl <ddahl@mozilla.com>
CC: Harry Halpin <hhalpin@w3.org>, public-identity@w3.org
Message-ID: <4EE22299.2090802@cs.tcd.ie>

David,

On 12/09/2011 02:49 PM, David Dahl wrote:
> Harry:
>
> The "messaging" use case is a really big deal - this is the singular use case that I had in mind when creating DOMCrypt. This kind of functionality will make it possible for web developers to easily devise all kinds of new, more secure communications tools on the web.

Rhetorical question really: What makes you think "developers" will
do this better ("more secure") than the TLS folks have done it?

I think an API can help with security at a different layer from
TLS, and that's the point here and is worth doing, not that it'll
be "more secure" in some undefined sense.

In many cases the outcome will be less "secure" than using TLS
but still ok.

In some cases, the outcome will be broken and insecure applications
because people didn't know how to design security things and that'll
turn out to be a problem for someone.

In other cases, using this API will really produce a "more
secure" outcome compared to the status quo, but let's not pretend
that's going to happen all or most of the time.

S.

>
> Cheers,
>
> David
>
> ----- Original Message -----
>> From: "Harry Halpin"<hhalpin@w3.org>
>> To: public-identity@w3.org
>> Sent: Friday, December 9, 2011 6:54:55 AM
>> Subject: New "Goals" (use-cases) - Is your use-case there, accurately described?
>> I have to admit I'm disappointed that we haven't had more good
>> use-cases
>> come up on the mailing list, and while lots of people have discussed
>> particular features, very few people have discussed use-cases. Note
>> that
>> without use-cases, we will start withdrawing features. Here's the
>> current list [1].
>>
>> I've done my best with the fairly small bits of text I've gotten to
>> craft some use-cases. Please inspect and make sure the wording is
>> right,
>> and suggest to add/remove use-cases and connect the use-cases to
>> actual
>> features.
>>
>> Also note that we will send this charter to AC review now *after*
>> Christmas break. We could have done it earlier had people been a bit
>> more focused on the mailing list :)
>>
>> cheers,
>> harry
>>
>> [1] http://www.w3.org/2011/11/webcryptography-charter.html#goals
>
>

Received on Friday, 9 December 2011 15:01:20 UTC