W3C home > Mailing lists > Public > public-webcrypto@w3.org > October 2012

Re: Suggestions on high-level API - perhaps a meeting next week?

From: David Dahl <ddahl@mozilla.com>
Date: Tue, 9 Oct 2012 08:33:35 -0700 (PDT)
To: Jim Burrows <brons@eldacur.com>
Cc: Ryan Sleevi <sleevi@google.com>, Harry Halpin <hhalpin@w3.org>, Emily Stark <estark@mit.edu>, Wan-Teh Chang <wtc@google.com>, public-webcrypto@w3.org, GALINDO Virginie <Virginie.GALINDO@gemalto.com>, Mountie Lee <mountie.lee@mw2.or.kr>
Message-ID: <939192396.2573408.1349796815843.JavaMail.root@mozilla.com>
Jim:
I have been tinkering with a high-level design over here: https://github.com/daviddahl/web-crypto-ideas/blob/master/high-level-api.js

The simplest possible API is what I am going for: encryptAndSign(), verifyAndDecrypt() (as well as sign(), verify(), hash() and mac()), see: https://github.com/daviddahl/web-crypto-ideas/blob/master/high-level-api.idl

Please feel free to comment and/or send pull requests. I think a high-level API is also needed, one in which we do not focus on backward-compatibility and have much narrower use-cases.

Cheers,

David

----- Original Message -----
> From: "Jim Burrows" <brons@eldacur.com>
> To: "Mountie Lee" <mountie.lee@mw2.or.kr>
> Cc: "David Dahl" <ddahl@mozilla.com>, "Ryan Sleevi" <sleevi@google.com>, "Harry Halpin" <hhalpin@w3.org>, "Emily
> Stark" <estark@mit.edu>, "Wan-Teh Chang" <wtc@google.com>, public-webcrypto@w3.org, "GALINDO Virginie"
> <Virginie.GALINDO@gemalto.com>
> Sent: Tuesday, October 9, 2012 10:13:32 AM
> Subject: Re: Suggestions on high-level API - perhaps a meeting next week?
> 
> [Third time's the charm. First attempt got caught by the "we need
> your
> permission to archive" filter and the second I did as a personal
> reply not
> to the list. Honest, after 4 decades or so, I promise to learn how to
> use
> email.]
> 
> I have done contracting work in the last several months with two
> client
> companies who were building multi-platform suites of secure
> communications
> apps covering voice, text, data, email, alerting and video. My work
> has
> included JavaScript based development using SJCL. My clients have
> used
> Javascript-based code that I have developed for a few of purposes and
> have
> indicated an interest in using it for a number of others. The uses
> have
> included:
> 
>    *  Jacketing captive JavaScript code in native-code apps to allow
>    quick
>       deployment of a client on a platform that does not yet have an
>       app
>       of its own.
>    *  Having an independently developed implementation of a
>    communications
>       client that is used for in-house testing of commercial
>       products,
>       allowing for the exercise of bugs and corner-cases not thought
>       of
>       by the creator of the original implementation.
>    *  Building of quick prototypes.
>    *  Development of a marginally-secure "beachhead" presence on a
>    device
>       whereby a secure native-code app can be delivered to a newly
>       acquired device, and relying on out-of-band confirmation of
>       probable identity.
>    *  File transfer using convergent encryption techniques.
>    *  Other more blue-sky applications.
> 
> It is quite true that a secure pipe to an endpoint in an
> unverifiably-secure environment such as a web browser used for other
> purposes is of limited use due to the level of risk implicit in
> exposed
> nature of the endpoint, but there are often real world cases were
> there is
> significant operational value in having a secure pipe with one known
> secure
> end point, especially when you are in control of the risky end of the
> pipe.This can happen in in both the "beachhead" and controled-test
> environments, and is arguably a valid choice in terms of fast
> deployment to
> new or additional platforms if a sufficiently secure jacketing app
> can be
> quickly developed.
> 
> I am, therefore, quite interested in seeing  robust high-level APIs
> available, and thus my membership in this list, which is driven
> entirely by
> practical and not theoretical interests.
> 
Received on Tuesday, 9 October 2012 15:34:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 9 October 2012 15:34:08 GMT