Drastically cutting primary features [was Re: Last call for public comments on Web Crypto charter]

On 11/18/2011 06:34 AM, Stephen Farrell wrote:
>
> I'm very happy to see how this process has gone and the
> resulting charter. I have two comments:-
>
> I would strongly argue to move TLS key extraction into
> the list of primary features. I guess that function might
> not always produce a key, depending on client & server
> implementations, but I think it's important that it be
> available since if/when it works, it would mean that an
> awful lot of people would not need to develop their own
> (and probably broken) key distribution schemes.

I'm catching up on older comments, and I'd like for people on this 
mailing list to notice the radical simplifying nature of Stephen's 
proposal.

By having key establishment come from TLS as the primary feature, it 
would get rid of the need for key storage, key agreement, and key 
generation from primary features. Or at least move those to secondary 
features!

What do people think?

It would be a radically simpler starting point for an API, which appeals 
to me.

>
> I would separately argue that the current list of primary
> functions (esp without TLS key extraction) is not really
> a "high-level API," right now, it looks much more like
> just any old crypto API (e.g. if you have D-H, which
> many developers might not understand very well). I think
> requiring the WG to more somehow at a higher level than
> JCE/JCA might be a way to indicate that.
>
> Regards,
> Stephen.
>
> On 11/17/2011 03:17 PM, Harry Halpin wrote:
>> Everyone,
>>
>> On next Tuesday, as said earlier, I plan to take the Web Cryptography
>> charter [1] from the wiki and put it into HTML as an "official draft
>> charter" then ask for preliminary feedback from the AC, before going to
>> real AC review in December (thus launching Working Group in January).
>>
>> So, if you have any comments, *now* is the time to send to the mailing
>> list. Suggested text replacement is most welcome.
>>
>>        cheers,
>>           harry
>>
>> [1] http://www.w3.org/wiki/IdentityCharter
>>
>>
>

Received on Wednesday, 23 November 2011 23:14:26 UTC