- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Fri, 10 Jun 2011 20:17:21 +0200
- To: David Dahl <ddahl@mozilla.com>
- CC: Nico Williams <nico@cryptonector.com>, public-web-security@w3.org, Jarred Nicholls <jarred@sencha.com>
On 2011-06-09 23:17, David Dahl wrote: <snip> > The client does all crypto operations and the server is only given > cipher text to store IMHO, this is a rather odd value proposition: The server is supposed to provide JS-code for the client to encrypt data so that the server can't see it. Yes, cloud-storage services do this but they provide a lot more than just a crypto API. > - and, yes, key management is still a problem, > which I know is a huge problem that will have a solution at some point. The S/MIME people haven't got this ball running in 15 years so there's not a surefire victory in sight :-( > I think starting small and focused is a good way to get things rolling. > This API is useful enough as is, and a key management and exchange API > will be designed to complement this. I'm sure we will get a JS-API, primarily because it is simple to implement and will have a very limited impact on browser "footprint". When it comes to *usage* I remain a bit skeptical. Anders > > Regards, > > David > > >
Received on Friday, 10 June 2011 18:18:36 UTC