Re: On Registries from Mark Watson on 2014-08-08 (public-webcrypto@w3.org from August 2014)

From: Mark Watson <watsonm@netflix.com>
Date: Thu, 7 Aug 2014 18:01:33 -0700
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: Ryan Sleevi <sleevi@google.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CAEnTvdCesapowqf25HPr52uekQB419cyGiRNpQ3MK_14kS8T9g@mail.gmail.com>

On Thursday, August 7, 2014, Mike Jones <Michael.Jones@microsoft.com> wrote:

>  Simple.  In the first case, the algorithm is a data value.  In the
> second case, it’s encoded in an API.  Data values are easily extensible.
> APIs are not.  That’s why extending the space of algorithms by registering
> new data values makes a world of sense.  Expending the algorithms by adding
> new APIs for each would be clunky, procedurally slow, and mostly unworkable.
>
> I think what Ryan is saying is that it should be no easier to add an
algorithm than it is to add a new API (or, more strongly, that a new
algorithm *is* a new API and _therefore_ should be no easier to add).

IF we decided that it should be easier than this to add new algorithms and
especially if we decided that groups other than W3C Working Groups should
be able to do so, then a registry makes sense as a mechanism to coordinate
that.

Otherwise (which is where we are now), then the definitive list of
algorithms is to be found in the sum total of the output of the W3C
WebCrypto Working Group and nowhere else.

...Mark



>
>
> Note that the kinds of errors you get back the two are very different as
> well.  In the first case, it would be “unsupported algorithm”.  In the
> second case, your code would be treated as having invalid syntax.  The code
> is much more straightforward to handle the first kind of errors, which are
> expected, than the second, which are unexpected.
>
>
>
>                                                             -- Mike
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi@google.com
> <javascript:_e(%7B%7D,'cvml','sleevi@google.com');>]
> *Sent:* Thursday, August 07, 2014 2:37 PM
> *To:* public-webcrypto@w3.org
> <javascript:_e(%7B%7D,'cvml','public-webcrypto@w3.org');>
> *Subject:* On Registries
>
>
>
> Since it seems like this issue won't die, it's at least fruitful to
> discuss.
>
>
>
> For the proponents of registries, can you please describe what difference,
> if any, there is for the web development community and user agent authors
> between
>
>
>
> window.crypto.subtle.encrypt("AES-GCM", foo, bar)
>
> and
>
> window.crypto.subtle.aes_gcm.encrypt(foo, bar)
>
>
>
> I assert that there fundamentally is none. Both, once implemented, are
> parts of the Web Platform. Like any other feature in the Web Platform, we
> want to see such work develop through consensus. Like any other feature of
> the Web Platform, it is extremely unlikely for two groups, let alone three
> or more, to develop competing definitions. The only historical precedents
> for this has been WHATWG vs W3C, or UA Vendor vs (WHATWG || W3C), and both
> are recognized as unfortunate failings, not desirable/normal outcomes.
>
>
>
> Let's stick solely to discussing how things work in the W3C and the Web.
> What IETF does, while important, is not the same as what the W3C does - and
> that's OK.
>

Received on Friday, 8 August 2014 01:02:03 UTC