Re: Request for feedback on KCipher-2 Working Draft

On 10/21/2015 03:29 AM, Anirban Basu wrote:
> On 10/20/15 3:59 PM, Ryan Sleevi wrote:
>>> Yes.
>> I suppose I was hoping you could elaborate. Do you know of user agents
>> likely to implement this? It would seem most of the active member UAs
>> seem unlikely, given the historical precedent underlying their
>> cryptographic libraries. It also seems that it has far less widestream
>> adoption potential (despite the ISO/IEC standardization, it doesn't
>> seem to have CFRG/IETF standardization for use on the Internet).
>>
> I was hoping to work on the standardisation through W3C to start with.
> Since you suggest that I go to UAs for adoption then I'll try talking to
> them. Perhaps, I should consider contributing to some of the open-source
> UAs there?
>
> Regarding KCipher-2 and IETF, there is an IETF RFC (informational) at
> https://tools.ietf.org/html/rfc7008 -- it is the 128-bits version though.
>
>> I just want to make sure you gauge interest first before spending too
>> much time perfecting the spec. It's fine to ship rough and iterate
>> based on feedback :)
>>
> Yes, thanks. Agreed on that :-)
>
>>> If it is standalone, does it need to conform exactly to the Web
>>> Crypto API, particularly the WebIDL in the Parameters and the
>>> descriptions of the Operations?
>>
>> Yes! Absolutely, this is the most important part of proposing a new
>> algorithm. There will be a significantly higher bar if you're having
>> to introduce new abstractions or concepts to accomplish your algorithm.
>>
> I'll hold off perfecting the spec for now. I wasn't really thinking of
> disobeying the abstractions in the W3C spec but I have some specific
> questions, which I'll come to when we are further down the road.
>

One way forward might be to develop some sort of polyfill or plug-in based
on the WebCrypto API. At this point, the API is stable and there will
likely be little to no changes, although we're working on a way to have
people propose new algorithms when we send the spec to Rec. Note that
according to the W3C process, for algorithms to be added to the spec it
requires two different teams with two interoperable implementations.
Stay tuned!

However, I would update your IETF spec and also ask CFRG [1] for review
if you are still looking for cryptographic review.

       cheers,
          harry


[1] https://irtf.org/cfrg

Received on Sunday, 25 October 2015 17:44:26 UTC