RE: W3C Web Crypto Use cases - next step ?

Hi Arun,

Thanks again for putting this together. I have a few comments below:

Banking transaction use case
>Jae-sang presents the derived public key to GB
Which derived public key?

>GB may then use a key exchange mechanism to exchange keys with the server over TLS
Guess you mean GB client (running in the web browser) and GB server?

>The signature is verified, and upon successful verfication, is decrypted.
verfication -> verification
is decrypted -> the encrypted message is decrypted.

BrowserID use case
>BrowserID
Change to Persona?

> The signed assertion is then combined ...
May change to: The javascript of Persona.org in the iFrame combines the signed assertion...

Does Karen need to login to Persona before Persona can access her data?

The verification part is confusing to me. Does PSS verifies on the client side or the server side?

Thanks,
Karen



From: Arun Ranganathan [mailto:arun@mozilla.com]
Sent: Monday, July 08, 2013 10:05 AM
To: GALINDO Virginie
Cc: 'public-webcrypto@w3.org'
Subject: Re: W3C Web Crypto Use cases - next step ?

On Jul 8, 2013, at 10:13 AM, GALINDO Virginie wrote:


Hello Arun,

Thanks for your work on the use cases document.
Do you think we are ready for a Next Public Working Draft with this 8th of July version ?
https://dvcs.w3.org/hg/webcrypto-usecases/raw-file/4ee6bd222b1c/Overview.html

Hi Virginie!

I need to push a patch to darobin's git repo in order to fix the warnings that show up for broken references in the respec spec templating script.  And, there are a few bugs in the sample code that I'd like cleaned up.

But aside from those (which aren't much work) I think it would be good to solicit review for a NPWD.

-- A*