Re: WebRTC Certificate Management - a plea to NOT use Web Crypto

On Dec 24, 2014 9:41 AM, "Cullen Jennings (fluffy)" <fluffy@cisco.com>
wrote:
>
>
> Developing two uncoordinated sets of crypto APIs for browsers sounds like
a bad idea in the long term. It's hard enough to get one right.
>

You aren't developing a crypto API. If you are, then we are doing it wrong.
At best, you're simply talking identities - how those are represented,
crypto or otherwise - should be irrelevant to your API. In the least,
WebRTC should be striving to expose as little influence on the crypto as
possible.

> If the webcryto stuff we have today can't meet the needs to many major
uses cases - and I view WebRTC and one of them -  then I think we need to
step back and rethink the API and figure out to get to a common crypto API
that can.

Um, your needs are intentionally out of charter. My entire point is that
there is zero that WebRTC needs from web crypto. We aren't trying to
develop a "common for all crypto-using thingies" API, never have been.

This isn't a failure of Web Crypto - it's a failure to realize you neither
need nor should want Web Crypto.

That is, what is being advocated here and in Web Push were things debated
for over a year, and which were kept out of scope because they aren't in
practice necessary. So it's less about brining Web Crypto to change, but
explaining why that change isn't necessary.

>
> A good starting point might be to have a joint call and explain what the
webrtc guys are trying to accomplish as a use case and tease out some
better requirements from a webcrypto point of view and then see how well
things align.

Again, this isn't a web crypto problem. That is, WebRTC has various needs,
which need to be written down still, and for which Web Crypto is one of
many possible solutions. I think we are saying the same thing, but I want
to make sure there isn't a tunnel in on thinking that Web Crypto is the de
facto solution.

> That might help deal with what to with things like your Req #6 which I
suspect is not a short requirement for  webrtc but it somewhere we want to
go long term. I think that would also make it much easier for everyone to
start thinking about what's need and if what you proposed in your email
would work well.
>
>
>
>
>
>

Received on Thursday, 25 December 2014 00:56:13 UTC