W3C home > Mailing lists > Public > public-identity@w3.org > November 2011

Re: Last call for Use-cases/Goals for web crypto charter

From: Andrew Sutherland <asutherland@asutherland.org>
Date: Thu, 24 Nov 2011 13:08:45 -0800
Message-ID: <4ECEB25D.5030106@asutherland.org>
To: public-identity@w3.org
On 11/24/2011 05:55 AM, Harry Halpin wrote:
> So everyone who has a use-case please send it now, described in 1-2 
> sentences. Then also, *look* at the primary/secondary/ and 
> out-of-scope features and list what features are necessary for the 
> goal. Also, to see if anything is missing.

Use-case: Encrypted messaging client.

Primary necessities: key pair generation, encryption, decryption, 
digital signature generation and verification, hash/message digest 
algorithms, key storage.
Secondary necessities: strong random number generation, destruction of 
temporary credentials

Primary not required: key transport/agreement algorithms


Additional details: Mozilla Labs has an encrypted messaging experiment 
under development, deuxdrop. ( https://github.com/mozilla/deuxdrop).  
While user trust of the client's code is more biased towards an 
extension model for deployment, we are trying to use as many web 
technologies as possible and to be capable of operating without any 
special privileges in a standard web browser.  Right now, crypto is 
provided by the NaCl library ( http://nacl.cr.yp.to/) exposed to JS via 
privileged js-ctypes shims, but if we could use baked-in web platform 
crypto like DOMCrypto or the outcome of the web crypto effort, that 
would be much better.  Obviously, the underlying crypto primitives would 
need to change, as I don't expect NaCl's primitives to be adopted, but 
our current implementation was never intended to be permanent.

Andrew
Received on Friday, 25 November 2011 13:11:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 25 November 2011 13:11:29 GMT