W3C home > Mailing lists > Public > public-web-security@w3.org > October 2015

Re: State of the WebCrypto API

From: Eric Mill <eric@konklone.com>
Date: Sun, 11 Oct 2015 18:28:31 -0400
Message-ID: <CANBOYLVwx7+9e+pXi-pAJ-3sxhEL8ci1huGRYJmjzdfPwEv0jQ@mail.gmail.com>
To: noloader@gmail.com
Cc: Tony Arcieri <bascule@gmail.com>, "public-web-security@w3.org" <public-web-security@w3.org>
On Sun, Oct 11, 2015 at 5:41 PM, Jeffrey Walton <noloader@gmail.com> wrote:

> On Sun, Oct 11, 2015 at 5:08 PM, Tony Arcieri <bascule@gmail.com> wrote:
> > On Sunday, October 11, 2015, Jeffrey Walton <noloader@gmail.com> wrote:
> >>
> >> Telling folks to upgrade to Windows 8 or 10 is just bike shedding. Its
> >> not a answer....
> >
> >
> > Actually, I gave several options, all of which solve this problem:
> >
> > 1) Use this shim: https://github.com/vibornoff/webcrypto-shim
> > 2) Use a more modern browser
> > 3) Use a more modern OS
>
> Two and three are not really solutions, they are simply bikeshedding.


That's not what "bikeshedding" means. You just don't like those solutions
personally, but they are solutions and will, eventually, be what everyone
does. Microsoft is a lot better at upgrading people with Windows 7 and up
than they were with XP.


> Two can increase attack surface, and even violate policy. For example,
> a corporate policy may prohibit installing non essential software like
> the Firefox browser on a Windows server. For those who don't violate
> policy, they have an increased attack surface.
>

That doesn't have any bearing on whether WebCrypto is achieving its goals,
or likely to become a standard. This is normal.


> The shim looks promising. But what's the point if WebCrypto is
> supposed to standardize these things? Why not forgo all the WebCrypto
> working group gyrations and skip to the shim?
>

This thread is pretty baffling. You may not prefer Windows 8/10 over 7, but
that's where Microsoft's going, and deprecating older browsers/OSes is how
things happen. Edge implemented WebCrypto, and MS isn't investing in old
browsers like IE11.

Many successful standards have gone through a "shim phase" as browsers
implement things at different paces. There's nothing out of the ordinary
here.

I second/third/whatever the closing of this thread.

-- Eric


>
> Jeff
>
>


-- 
konklone.com | @konklone <https://twitter.com/konklone>
Received on Sunday, 11 October 2015 22:29:36 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 11 October 2015 22:29:37 UTC