W3C home > Mailing lists > Public > public-web-security@w3.org > June 2011

Re: Smart Card support. Re: Request for feedback: DOMCrypt API proposal

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Fri, 10 Jun 2011 20:17:21 +0200
Message-ID: <4DF25FB1.9030509@telia.com>
To: David Dahl <ddahl@mozilla.com>
CC: Nico Williams <nico@cryptonector.com>, public-web-security@w3.org, Jarred Nicholls <jarred@sencha.com>
On 2011-06-09 23:17, David Dahl wrote:
<snip>

> The client does all crypto operations and the server is only given
> cipher text to store

IMHO, this is a rather odd value proposition: The server is supposed
to provide JS-code for the client to encrypt data so that the server can't
see it.  Yes, cloud-storage services do this but they provide a lot
more than just a crypto API.

> - and, yes, key management is still a problem,
> which I know is a huge problem that will have a solution at some point.

The S/MIME people haven't got this ball running in 15 years so there's
not a surefire victory in sight :-(

> I think starting small and focused is a good way to get things rolling. 
> This API is useful enough as is, and a key management and exchange API
> will be designed to complement this.

I'm sure we will get a JS-API, primarily because it is simple to
implement and will have a very limited impact on browser "footprint".
When it comes to *usage* I remain a bit skeptical.

Anders

> 
> Regards,
> 
> David
> 
> 
> 
Received on Friday, 10 June 2011 18:18:36 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:19 UTC