W3C home > Mailing lists > Public > public-identity@w3.org > November 2011

Re: Drastically cutting primary features [was Re: Last call for public comments on Web Crypto charter]

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Thu, 24 Nov 2011 13:40:06 +0000
Message-ID: <4ECE4936.6070305@cs.tcd.ie>
To: David Dahl <ddahl@mozilla.com>
CC: Mark Watson <watsonm@netflix.com>, public-identity <public-identity@w3.org>, Harry Halpin <hhalpin@w3.org>

Saying why would be interesting. Many people have said they can't
do TLS when its turned out that they could in fact do TLS so what
is it that you need that you can't get via TLS with key insertion
(for e.g. TLS-PSK renegotiation) and key extraction and some
simple functions to use extracted keys?

I realise a generic crypto API can be used for all sorts of fun,
but the claim here seems to be that such an API is necessary.
My claim is that such an API is basically JCE/JCA which is not
a simple API.

S.

On 11/24/2011 01:32 PM, David Dahl wrote:
> +1
>
> ----- Original Message -----
>> From: "Mark Watson"<watsonm@netflix.com>
>> To: "Harry Halpin"<hhalpin@w3.org>
>> Cc: "Stephen Farrell"<stephen.farrell@cs.tcd.ie>, "<public-identity@w3.org>"<public-identity@w3.org>
>> Sent: Thursday, November 24, 2011 10:48:03 AM
>> Subject: Re: Drastically cutting primary features [was Re: Last call for public comments on Web Crypto charter]
>> Harry,
>>
>> The possibility to develop secure application protocols in Javascript,
>> without using TLS, is exactly the one of the points of this API, at
>> least for us. The possibility to use pre-provisioned keys is also an
>> essential component. So I wouldn't be in favor of this change and I'm
>> not even sure it's a "simplification".
>>
>> ...Mark
>
>
Received on Thursday, 24 November 2011 13:40:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 24 November 2011 13:40:53 GMT