W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2012

Re: [Web Crypto WG] Agenda for next call on 14th of May (15:00 EDT/19:00 UTC)

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 10 May 2012 08:53:24 -0700
Message-ID: <CABcZeBMxjDHnC=osES_GxV1=iGrrpGFyDou+WNrWE5OiX4f0jA@mail.gmail.com>
To: Ryan Sleevi <sleevi@google.com>
Cc: David Dahl <ddahl@mozilla.com>, public-webcrypto@w3.org
Ryan,

This is really useful. One point I wanted to highlight...

On Wed, May 9, 2012 at 11:38 AM, Ryan Sleevi <sleevi@google.com> wrote:
> My own belief is that the best/most interesting API will be a low level API
> that provides a single/overloaded method with options objects. In short,
> something that is akin to PKCS#11 for JavaScript. Given that PKCS#11 is able
> to support SSL/TLS, S/MIME, DTLS, SRTP, PGP, and high value transactions,
> all through a single interface, I believe it's a reasonably proven
> approach.

I think it would be really useful to come to consensus on whether TLS support
is required. As I said earlier, TLS requires you do some really funky
stuff with:

(a) the RSA padding.
(b) the DH output

If you want to have an API that supports TLS, you either need to have
explicit support for the TLS operations or raw access to the keying material.

-Ekr
Received on Thursday, 10 May 2012 15:54:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 16 May 2012 18:59:57 GMT