W3C home > Mailing lists > Public > public-web-security@w3.org > February 2012

Re: Request for feedback: DOMCrypt API proposal

From: <Frederick.Hirsch@nokia.com>
Date: Wed, 22 Feb 2012 21:06:50 +0000
To: <ddahl@mozilla.com>
CC: <Frederick.Hirsch@nokia.com>, <public-web-security@w3.org>
Message-ID: <45FDEE03-D047-4967-8D19-933A9D5101DF@nokia.com>
David

Is the difference of approach  and methods between DOMCrypt and  node.js due to a desire to have async callbacks in DOMCrypt? 
Will the differences create any adoption/portability concerns?

for example

DOMCrypt:  CryptoHash with a method to append data to a buffer and then "hash" to create the hash

node.js: crypto.createHash(algorithm), hash.update(data), hash.digest

or more interestingly

DOMCrypt: sign(key, plaintext), callback with signature

node.js: crypto.createSign(algorithm), signer.update(data), signer.sign(privatekey)

What are the options for key pair generation. node.js allows DiffieHellman and pbkdf2, what is the algorithm support intended for DOMCrypt?

Where in DOMCrypt is the signing algorithm specified - in general, what is the approach toward algorithm agility?

(I see in the blog [1] methods to specify the algorithm, but not in the draft spec [2], are both defining the API?)

Presumably the algorithm support will be limited by OpenSSL?

Thanks

regards, Frederick

Frederick Hirsch
Nokia

[1] http://monocleglobe.wordpress.com/2011/06/01/domcrypt-update-2011-06-01/

[2] https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
Received on Wednesday, 22 February 2012 21:07:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 22 February 2012 21:07:36 GMT