W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: Request for feedback: DOMCrypt API proposal

From: David Dahl <ddahl@mozilla.com>
Date: Fri, 3 Jun 2011 08:48:44 -0700 (PDT)
To: Rich Tibbett <richt@opera.com>
Cc: public-webapps@w3.org
Message-ID: <1378081845.111329.1307116124089.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>
----- Original Message -----
From: "Rich Tibbett" <richt@opera.com>
To: "David Dahl" <ddahl@mozilla.com>
Cc: public-webapps@w3.org
Sent: Friday, June 3, 2011 6:25:15 AM
Subject: Re: Request for feedback: DOMCrypt API proposal

> I wonder whether the problem is actually just one of generating 
  sufficiently cryptographically secure PRNGs or whether there are real 
  benefits to creating a full-blown UA-based Crypto API and the can of 
  worms that might open.

With Firefox, we are sitting on top of a well tested, tried and true set of crypto APIs written in C that can be accessed via js-ctypes - and on a worker no less. I think your average web developer needs an elegant API that is using world class crypto under the hood instead of re-building the wheel.

naturally, giving JavaScript a secure PRNG would be great. There is a lot of discussion on this subject here: https://bugzilla.mozilla.org/show_bug.cgi?id=322529

Cheers,

David
Received on Friday, 3 June 2011 15:49:12 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT