W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2013

Re: Web Crypto Spec Updates for ArrayBufferView, ArrayBuffer, and Streams

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 2 May 2013 11:05:34 -0700
Message-ID: <CACvaWvbw9iZxpogCV-6wS5JmPqGUOE66NyVUaj1ZHgi9wywNnQ@mail.gmail.com>
To: Israel Hilerio <israelh@microsoft.com>
Cc: Aymeric Vitte <vitteaymeric@gmail.com>, Alex Russell <slightlyoff@google.com>, Arun Ranganathan <aranganathan@mozilla.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
A few comments inline

On Wed, May 1, 2013 at 11:26 PM, Israel Hilerio <israelh@microsoft.com> wrote:
> I agree, we should decouple the ArrayBuffer issue from the Streams issue.  More comments inline.
>
> On Friday, April 26, 2013 7:38 PM, Ryan Sleevi wrote:
>>

<snip>

>
> At the end of the day, I'm not religious about whether we overload the methods to support ArrayBuffer.
> Like I said, it just makes it easier for developers to be able to directly use the return values from XHR and, yes even, Blobs without having to create ArrayBufferViews.

Right. The tension here is between developer convenience and overall
(Web) API consistency. I certainly agree that there's quite a
compelling argument for convenience here - why should I have to do
"op.process(new DataView(xhr.result))", when I could just write
"op.process(xhr.result)"

At the time time, I'd rather make sure that there's consistency in
paradigms with other APIs as well.

Because of this tension, and that the whole AB vs ABV is unresolved in
the APIs in general (an issue for TAG/script-coord, I believe), I'm
trying to err on the side of caution. You can always fit an AB into an
ABV, so if we only offer an ABV, then any code written will continue
to work if we were to add an ArrayBuffer overload.

However, if we add an ArrayBuffer overload now, and then decide it's
incorrect (as it seems the File/Blob constructor API discussions
lead), well, we can never remove that overload - it's part of the
platform now.

I've certainly flagged it for review internally, but I think the
broader issue would be approaching WebApps and TAG and saying "What is
the preferred state of the art" here - since the whole point of the
TAG is to provide inputs to WGs such as ourselves and ensure the web
platform is developed somewhat consistently/coherently, rather than
just a collection of specs [as it realistically is today]

<snip>
>> >
>> > * MSE appendBuffer(ArrayBuffer)
>> >
>
> I noticed that you didn't address the use of ArrayBuffer overloads on MSE as part of your argument.

That's because I suspect that the authors of the MSE may not be
following the discussions going on in other specs / have discussed
with the TAG.

The fact that this is a fragmented area is exactly why I'm nervous
about adding it 'because some other spec' did.

<snip>
> I believe it would be good to verify now if the proposed model is not able to evolve to support Stream in the future.  All I'm suggesting is that we explore Stream and verify that the current model will be able to support them in the future.  It they are not that different, we can consider including them in the spec now.  If they are different, we should consider making changes to the existing model to support Stream in the future.

Sure.

To be clear, I'm totally on board with exploring the Streams proposal
- I'm not at all trying to shut it down or say we're not going there.

Rather, I'm trying to highlight areas of concern with both the Streams
spec AND with the proposal for Streams for the Web Crypto API, and
asking you to further flesh out the details or how it might be
addressed.

As I mentioned, I was the (sole?) proponent for Streams early on, so
you don't need to sell me on their benefits. But the issue was and is
understanding how we can see a consistent API evolve to support them.

As a thought exercise, I'm not at all opposed to seeing a radically
different low-level API proposal that looked at Streams only, to show
how an internally-consistent Streams API would look. We could then use
that as a discussion/comparison point for the existing API to see how
to leverage streams. Alternatively, if you think you can propose a
consistent bolt-on/overload, I'm all for exploring that too.

My biggest concern remains consistency of concepts and abstractions -
I want to make sure that any integration of Streams feels like a
natural extension, and not some afterthought. The remaining comments
from my message were trying to highlight the conceptual incongruities
as points to be addressed.

>
>>
>> That is, the current API conceptually models elements of both a Stream
>> (eg: the nature of result) and a StreamBuilder (eg:
>> CryptoOperation.process() ~= StreamBuilder.append() ,
>> CryptoOperation.finish() ~= StreamBuilder.close() )
>
> I believe there is a model where Streams and ArrayBuffers can be used together to deliver information to the crypto operations.  I'm not sure that a CryptoOperation.finish() == StreamBuilder.close().  I would like to explore the possibility of having a CryptoOperation be used to process multiple ArrayBufferViews and Streams simultaneously.

As mentioned above, I have no problem with the overall vision
statement there, but I am curious why you don't see .finish() the same
as .close().

Perhaps I'm misunderstanding StreamBuilder, but AIUI, .close()
represents the caller's way of signalling "There is no further input
to come". In the CryptoOperation, .finish() is that signal. It's
important for CryptoOperation to have that signal, because some
operations can ONLY be completed once we know for certain that we've
accumulated all inputs. Whether this is signature/mac verification or
encryption where authentication tags are produced, some outputs can
only be computed once we know there are no more inputs. How does that
differ from StreamBuilder.close()?
Received on Thursday, 2 May 2013 18:06:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:17 UTC