Re: security of a client-side JS API?

As Zooko says, WebRTC provides a mechanism for establishing an
end-to-end cryptographically protected data channel (for those who
care, SCTP over DTLS). These channels can be created and accessed by
JS.

In terms of implementation status, this "datachannel" functionality is
available in the current Firefox Aurora build (though it's kind
of a hard-hat area) and under active development for Chromium. (Though
Chrome's WebRTC implementation is generally further along.)

-Ekr


On Thu, Nov 1, 2012 at 11:08 AM, Zooko Wilcox-OHearn
<zooko@leastauthority.com> wrote:
> On Wed, Oct 31, 2012 at 5:54 PM, Arthur D. Edelstein
> <arthuredelstein@gmail.com> wrote:
>>
>> If you have any hints on who in W3C might be working on a proposal for an end-to-end encryption standard for the browser, I'd be very grateful! I haven't found it yet. :)
>
> I too would be very interested in this. Please let me know what you
> find. The relevance to *this* working group would be that this would
> be a use case which the WebCrypto API might be able to support. You
> might want to start by looking at WebRTC and asking people who work on
> that standard. It provides end-to-end connectivity, and I believe it
> comes with a Diffie-Hellman key exchange built in. So some of the hard
> parts of developing secure e2e connections are already done by WebRTC!
> And, WebRTC is already pretty far along in being implemented and
> deployed.
>
> https://en.wikipedia.org/wiki/WebRTC
>
> Regards,
>
> Zooko Wilcox-O'Hearn
>
> Founder, CEO, and Customer Support Rep
>
> https://LeastAuthority.com
>

Received on Thursday, 1 November 2012 12:13:10 UTC