W3C home > Mailing lists > Public > public-identity@w3.org > November 2011

Re: Last call for public comments on Web Crypto charter

From: Richard Barnes <rbarnes@bbn.com>
Date: Mon, 21 Nov 2011 09:08:46 -0500
Cc: public-identity@w3.org
Message-Id: <E5D13C8C-872B-4AF7-99C5-BDDDFD40F7C4@bbn.com>
To: Harry Halpin <hhalpin@w3.org>
Hi Harry,

I have a few comments on the Scope section.  Coming at this from the perspective of someone generally knowledgeable about crypto stuff, but new to this group.

The primary features in scope are encryption, decryption, digital signature generation and verification, hash/message digest algorithms, confidentiality algorithms, key transport/agreement algorithms, HMAC algorithms, key pair generation, and key storage on the device. In addition, the API should be asynchronous and must prevent external access to secret material.
-- It would be helpful to have a little more clarity in this text.  
-- I don't know how "confidentiality algorithms" differs from "encryption"
-- I don't know what "key transport/agreement algorithms" means in this context
-- Bullets might help readability
The primary features in scope are the following:
   * Symmetric encryption and decryption 
   * Digital signature generation and verification
   * Hash / message digest algorithms 
   * HMAC algorithms
   * Generation of asymmetric key pairs
   * Secure storage for private keys and symmetric keys

Secondary features might include: strong random generation, control of session login/logout, extraction of keys from TLS sessions, PKI scheme validation, destruction of temporary credentials, storage of secrets in a tamper-proof container, non-opaque key identifiers (assuming by default all key identifiers are opaque in the normal case), the availibility of multiple key containers (in either hardware or software).
-- I would suggest moving random number generation to the main feature list.  It's not a complicated thing to put an API to.
-- I don't know what the phrase "PKI scheme validation" means
-- Isn't "storage of secrets..." covered by the key storage bullet above?  
-- In addition to multiple key containers, you might also have multiple crypto services.  The work would seem to be about the same to implement both of these; either way you need an identify the container/service.
-- Bullets would probably help readability here too.

Hope this helps,

On Nov 17, 2011, at 11:17 PM, Harry Halpin wrote:

> Everyone,
> On next Tuesday, as said earlier, I plan to take the Web Cryptography
> charter [1] from the wiki and put it into HTML as an "official draft
> charter" then ask for preliminary feedback from the AC, before going to
> real AC review in December (thus launching Working Group in January).
> So, if you have any comments, *now* is the time to send to the mailing
> list. Suggested text replacement is most welcome.
>      cheers,
>         harry
> [1] http://www.w3.org/wiki/IdentityCharter
Received on Monday, 21 November 2011 14:09:45 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:00:47 UTC