- From: Ron Garret <ron@flownet.com>
- Date: Fri, 17 Feb 2012 11:00:06 -0800
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: public-identity@w3.org
On Feb 17, 2012, at 10:43 AM, Anders Rundgren wrote:
> On 2012-02-17 19:19, Ron Garret wrote:
>>
>> On Feb 17, 2012, at 4:52 AM, Anders Rundgren wrote:
>>
>>> I would personally have started with naive questions such as
>>>
>>> "What's wrong with signText?"
>>
>> For starters, it's not documented anywhere that I could find.
>
> Eh? I explicitly referred to the 1996 version:
> https://developer.mozilla.org/en/JavaScript_crypto
Yes, I looked at that page. The only occurrence of the string "signtext" on that page is this:
DOMString signText(DOMString stringToSign,
DOMString caOption /* ... */);
And the only occurrence of the string "caOption" is in that excerpt as well. That is not what I would consider adequate documentation.
> Poorly documented but actually used and even requested:
> http://www.google.az/support/forum/p/Chrome/thread?tid=3506388787b6fb7d&hl=en
Look, you asked what was wrong with signText. That it is "poorly document" is one of the things that is (currently) wrong with it. The problem is not that it is impossible to do crypto in Javascript. Javascript is after all a Turing-complete language. The problem is that it is (currently) *hard* to do crypto in Javascript. And signText does not (currently) make it any easier, partly because it is not (currently) adequately documented.
It is possible that the solution to all our problems is simply to document signText. I doubt it, but if you disagree the way to resolve the dispute is not to argue about it but to go write some documentation.
rg
Received on Friday, 17 February 2012 19:00:37 UTC