W3C home > Mailing lists > Public > public-webcrypto@w3.org > June 2012

I want to have unsafe key exchange.

From: Zooko Wilcox-OHearn <zooko@leastauthority.com>
Date: Thu, 14 Jun 2012 11:44:42 -0300
Message-ID: <CAM_a8JzQZLH+am+=6WYmd4gdKARUBeBsieOvMYUgu-9P7c8tUg@mail.gmail.com>
To: public-webcrypto@w3.org
Folks:

I'm sorry -- I've missed a couple of the conference calls due to
traveling. I've tried to read the mailing list to keep up, but I don't
understand most of what is being discussed. I've also read the minutes
of this meeting:

http://www.w3.org/2012/06/04-crypto-minutes.html

So, I don't really understand whether all the discussion of protecting
keys and identifying them by key IDs means that the uses I envision --
unprotected keys -- will be unsupported.

Will the spec require implementers to offer an API to extract the
complete bytes of a private key or symmetric key, and to create a
private key or symmetric key from a string of bytes?

I understand that there are use cases where such an API should *not*
be offered to the JS code. However, for my use cases, that API needs
to be available to the JS code. Therefore I ask that the spec requires
implementations to offer both kinds.

Regards,

Zooko Wilcox-O'Hearn

Founder, CEO, and Customer Support Rep -- Least Authority Enterprises

https://leastauthority.com
Received on Thursday, 14 June 2012 14:45:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 14 June 2012 14:45:16 GMT