W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > November 2014

Re: polycrypt and webcrypto

From: Ryan Sleevi <sleevi@google.com>
Date: Sat, 1 Nov 2014 12:17:12 -0700
Message-ID: <CACvaWvYfwdk0jO11EUeMYGWT4t=cyFvc7eVNiVancNP6E+htLw@mail.gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: public-webcrypto-comments@w3.org, Anders Rundgren <anders.rundgren.net@gmail.com>, Richard Barnes <rlb@ipv.sx>
On Nov 1, 2014 1:14 PM, "Melvin Carvalho" <melvincarvalho@gmail.com> wrote:
>
>
>
> On 1 November 2014 19:40, Richard Barnes <rlb@ipv.sx> wrote:
>>
>>
>>
>> On Sat, Nov 1, 2014 at 7:42 AM, Melvin Carvalho <melvincarvalho@gmail.com>
wrote:
>>>
>>>
>>>
>>> On 1 November 2014 11:40, Anders Rundgren <anders.rundgren.net@gmail.com>
wrote:
>>>>
>>>> On 2014-11-01 11:33, Melvin Carvalho wrote:
>>>>>
>>>>> I was wondering if anyone could point me to how close we are to
getting browsers to implement web crypto in the browser.
>>>>
>>>>
>>>> The shipping version of Chrome supports the current spec for RSA.
>>>> Unfortunately the WebCrypto WG has decided that there should not be
any mandatory algorithms.
>>>>
>>>> Firefox "Nightly" supports RSA and ECDH.
>>>>
>>>> IE 11 supports an earlier iteration of the spec.
>>>
>>>
>>> Thank you, very helpful!
>>>
>>> From the sounds of it, it makes most sense to base current development
using this spec on chromium, with some minor fixes as required.
>>
>>
>> Note that recent versions of Firefox also have WebCrypto.  In version 34
(currently beta), it is on by default, and in version 33 (currently
aurora), you can turn it on with "dom.webcrypto.enabled".
>>
>> Firefox also lacks the HTTPS restriction that Anders notes.
>
>
> Oh, thanks for the info.  That sounds like a significant plus.
>

Not if you value security or the security of your users.

>>
>>
>>
>>>
>>> I share our surprise that there are no mandatory algorithms in this
spec.
>>
>>
>> This may change soon.  The plan is to look at what the first
implementations have been able to achieve, and if there's a common set,
make that a requirement going forward.
>
>
> Great!
>
>>
>>
>> --Richard
>>
>>
>>>
>>>
>>>>
>>>>
>>>> Anders
>>>>
>>>>
>>>>>
>>>>> I was looking at using http://polycrypt.net/ in the meantime but is
that still maintained, it points to a 2012 version of the spec.
>>>>
>>>>
>>>
>>
>
Received on Saturday, 1 November 2014 19:17:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:03:29 UTC