W3C home > Mailing lists > Public > public-webcrypto@w3.org > November 2012

Re: Web Crypto WG - moving forward on keystorage and keydiscovery

From: Mark Watson <watsonm@netflix.com>
Date: Fri, 30 Nov 2012 17:06:36 +0000
To: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Harry Halpin <hhalpin@w3.org>, Wendy Seltzer <wseltzer@w3.org>
Message-ID: <C4344541-779F-4DBD-9986-1F204B8C38B8@netflix.com>
Hi Virginie,

+1, provided the new specification is on REC track.

I have some suggestions below that I think are improvements, but if they are not agreeable the proposal is good as it stands.

On Nov 30, 2012, at 8:03 AM, GALINDO Virginie wrote:

> Dear all,
> With the light of the recent exchanges, here is what I see, as chair, a possible way to move forward :  
> - The next heartbeat of our Web Crypto API will contain the KeyStorage paragraph, and will have a note specifying that due to divergence of view in the WG, this feature may be moved to a separate document. 

I suggest also
1) specify the structured clone algorithm for Key objects, as has been agreed
2) add text specifying that Key objects created using generate, derive or import do not appear in the crypto.keys attribute
3) the note referred to above could say something like: "The crypto.keys attribute provides access to keys that were not generated, derived or imported through this API, for example pre-provisioned keys. Since not all devices support such keys, alternative solutions are being sought by the Working Group that more appropriately handle the optionality of this feature, including a separate specification defining new key discovery APIs. The functionality provided by crypto.keys and KeyStorage will likely be moved to this new specification."

> - A new draft specification is created, targeting to address the topics of key discovery and key storage (Mark from Netflix offered to be editor of that spec). This new specification will have the same target timeline as the Web Crypto API timeline - but if no agreement is reached on it, it will not delay the Web Crypto API for being a Recommendation

I think the scope should just be key discovery. It should not be required to address all kinds of key that can be imagined, only those for which we have concrete proposals.


> Would this agreeable to the WG ?
> Participants are requested to use their superpower +1 or -1 for expressing votes for this plan.  
> Regards,
> Virginie
> Chair of Web Crypto WG
Received on Friday, 30 November 2012 17:07:09 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:14 UTC