W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > November 2012

Re: security of a client-side JS API?

From: Zooko Wilcox-OHearn <zooko@leastauthority.com>
Date: Thu, 1 Nov 2012 04:08:13 -0600
Message-ID: <CAM_a8Jw_=zpncku2LtTHTRMdPYKzCAKD8ob+n_4cLDxTwid9kw@mail.gmail.com>
To: "Arthur D. Edelstein" <arthuredelstein@gmail.com>
Cc: Ryan Sleevi <sleevi@google.com>, public-webcrypto-comments@w3.org
On Wed, Oct 31, 2012 at 5:54 PM, Arthur D. Edelstein
<arthuredelstein@gmail.com> wrote:
>
> If you have any hints on who in W3C might be working on a proposal for an end-to-end encryption standard for the browser, I'd be very grateful! I haven't found it yet. :)

I too would be very interested in this. Please let me know what you
find. The relevance to *this* working group would be that this would
be a use case which the WebCrypto API might be able to support. You
might want to start by looking at WebRTC and asking people who work on
that standard. It provides end-to-end connectivity, and I believe it
comes with a Diffie-Hellman key exchange built in. So some of the hard
parts of developing secure e2e connections are already done by WebRTC!
And, WebRTC is already pretty far along in being implemented and
deployed.

https://en.wikipedia.org/wiki/WebRTC

Regards,

Zooko Wilcox-O'Hearn

Founder, CEO, and Customer Support Rep

https://LeastAuthority.com
Received on Thursday, 1 November 2012 10:08:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 1 November 2012 10:08:42 GMT