- From: Ryan Sleevi <sleevi@google.com>
- Date: Wed, 6 Aug 2014 14:22:30 -0700
- To: GALINDO Virginie <Virginie.Galindo@gemalto.com>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CACvaWvaZB92wFspbGPR6Vdbnh_eTX+R0_tFMOj8XkObdzw9S6A@mail.gmail.com>
On Wed, Aug 6, 2014 at 3:18 AM, GALINDO Virginie < Virginie.Galindo@gemalto.com> wrote: > Dear all, > > We have to find a mechanism for extending our Web Crypto API > specification, in order to integrate in the future some new algorithms, or > algorithm flavors. This corresponds to the bug 25618 > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618 . > > Here are ideas and requirements that were mentioned during the conference > calls and the bugzilla discussions. Those statements are high level, and > are here to try to identify requirements and principles on this extension > mechanism. Note that this discussion is not only about adding new curves, > but should also be applicable to next generation of algorithm. So lets try > to be generic, in a first step. > > 1 Extension can be used to add new algorithm (or new flavor of algorithm) > to the Web Crypto API > Not sure what you mean by "new flavor". Perhaps you can elaborate. > 2 Extension is a separate document from the main specification, which must > contain complete description of the new (flavor of) algorithm (reference, > registration, dictionary, operations, and if is it part of 'recommended > algorithms' or not) > With the exception of "recommended algorithms", agreed. "recommend algorithms" is not something I see being something that makes it to/through CR/CFI. It's merely a 'footnote' in the absence of profiles, meant to guide/prioritize implementation. Put differently, if every algorithm (in today's spec) was a separate spec - as it should have been from the start - we wouldn't be discussing recommended algorithms, I don't think. > 3 Extension existence requires to have hook in the main Web Crypto API > spec to declare new key format (please add any other impact) Hasn't been an identified use case, but presumably, yes. Although I think any algorithms that required specific formats seems sketchy :) > 4 Extension can be in a form of a wiki, or a Note or a Recommendation > (please state your preferred scenario) > Extensions change the API. They MUST be formal documents entered into the W3C process, same as every other platform API is presumed to go. > 5 The integration of new (flavor of) algorithm requires to go though W3C > IP call for exclusion or not (in that case only the Recommendation scenario > would work) > Correct > 6 The new (flavor of) algorithm will requires identifier and short name > that need to be registered (in IETF or W3C) > No. A spec is sufficient, much in the same way a spec is sufficient to declare that window.performance implements the PerformanceTiming interface. > > This is a strawman proposal expecting your challenge, criticism and > alternatives... > Go ! > > Regards, > Virginie > ________________________________ > This message and any attachments are intended solely for the addressees > and may contain confidential information. Any unauthorized use or > disclosure, either whole or partial, is prohibited. > E-mails are susceptible to alteration. Our company shall not be liable for > the message if altered, changed or falsified. If you are not the intended > recipient of this message, please delete it and notify the sender. > Although all reasonable efforts have been made to keep this transmission > free from viruses, the sender will not be liable for damages caused by a > transmitted virus. > >
Received on Wednesday, 6 August 2014 21:22:58 UTC