W3C home > Mailing lists > Public > public-web-security@w3.org > October 2015

Re: State of the WebCrypto API

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 11 Oct 2015 23:55:14 +0200
To: Tony Arcieri <bascule@gmail.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <561ADAC2.1040608@gmail.com>
On 2015-10-11 19:34, Tony Arcieri wrote:
> On Sun, Oct 11, 2015 at 7:18 AM, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>     So apparently Internet Explorer which is the only Microsoft-browser available for Windows 7-8.X still doesn't support the published WebCrypto API.
> Good thing Windows 7-8.X users are eligible for a free upgrade to Windows 10 where they could use Edge! Or they could, you know, just install Chrome or Firefox.

Well, what I meant is that WebCrypto didn't got top priority.  IMO, this is probably be related to utility.

>     The only reasonable conclusion is that WebCrypto is not the "final solution" to client-side crypto for the Web.
>     A more practical approach had been to reuse the already deployed native crypto support which also had put an end to the discussions around secure key-storage.
> What "already deployed native crypto" are you talking about that works in Internet Explorer 11?

There's obviously no such thing and that's the problem in a nutshell.

The predecessors (no matter how lame they may appear), actually did support "already deployed native crypto", through the use of extensions.

Would it possible to get some constructive feedback on this? :

     "Example features in scope for use-cases include: attesting the presence of hardware module,
      enabling secure environment execution for Javascript, using specific services enabled in
      hardware module, hardware-based key usage, and cryptographic primitives"

Anders Rundgren

> -- 
> Tony Arcieri
Received on Sunday, 11 October 2015 21:55:48 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 11 October 2015 21:55:48 UTC