W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > November 2012

Re: security of a client-side JS API?

From: Arthur D. Edelstein <arthuredelstein@gmail.com>
Date: Thu, 1 Nov 2012 09:05:00 -0700
Message-ID: <CADHWJb7xZ1Jw9Eh8wqHoBiJs7nAPLAB_i192Hy1KtC8uggHwyw@mail.gmail.com>
To: Mountie Lee <mountie.lee@mw2.or.kr>
Cc: public-webcrypto-comments@w3.org
Hi Mountie,

> I think End-to-End encryption is easily implementable with current webcrypto
> API spec.

My feeling is that truly private, end-to-end encryption using the
WebCrypto API (or indeed any JS crypto library) is only possible if
implemented in an open-source browser extension, such as Cryptocat. As
far as I can tell, it is not possible in a web app using the WebCrypto
API.

> standardization for E2E is diffucult issue.

Probably, but some reasonably simple standards should be possible. For
example, encrypting/decrypting text and encrypting/decrypting files
look like two relatively simple and fairly general use cases.

Best regards,
Arthur
Received on Thursday, 1 November 2012 16:05:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 1 November 2012 16:05:30 GMT