- From: Eric Rescorla <ekr@rtfm.com>
- Date: Fri, 29 Jun 2012 13:31:51 -0700
- To: Zooko Wilcox-OHearn <zooko@leastauthority.com>
- Cc: public-webcrypto@w3.org
On Fri, Jun 29, 2012 at 2:55 AM, Zooko Wilcox-OHearn <zooko@leastauthority.com> wrote: > * Code to perform key negotiation (OTR-style) and data encryption for > real-time messaging (secure IM) over websockets or WebRTC. Initially > it could be done in web-content (still vulnerable to the code > provider), but could migrate to an addon. Needs DH (curve25519 would > be great), AES (in some authenticated-encryption mode), or just some > high-level box/unbox primitives. Side note: WebRTC will provide this functionality between the browsers out of the box. I.e., all browser-browser data channels are to be encrypted with DTLS. Obviously, this doesn't solve your problem with Websockets. -Ekr
Received on Friday, 29 June 2012 20:32:59 UTC