- From: Kevin O'Brien <kevin@kiva.org>
- Date: Fri, 2 Nov 2018 10:14:23 -0700
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org
- Message-ID: <CAJmx4NyPrNYuGG6Y2KAPP-R9yd5LBoGAP_Kxy-5xnqsU5USBjg@mail.gmail.com>
For what it's worth, speaking from a developer's point of view, I appreciate libraries which make it so I don't have to figure out what parameters to be passing, but rather can just rely on it doing what needs to be done. COSE/CBOR seems to shine in that respect. A quick search found a respectable library for Node/JS which looks like it would suit our needs nicely if things went in this direction: https://github.com/hildjj/node-cbor Just sharing since I saw some mention that library implementation was limited, but looks like there are possibly a few good implementations out there currently. Kevin O'Brien CTO Kiva.org On Fri, Nov 2, 2018 at 10:01 AM, Anders Rundgren < anders.rundgren.net@gmail.com> wrote: > On 2018-11-02 17:12, Manu Sporny wrote: > >> On 11/2/18 12:31 AM, Anders Rundgren wrote: >> >>> The argument for (in some way) "hiding" algorithms and PUBLIC keys >>> from developers seems like a rather strange idea. >>> >> >> It certainly is... I don't think anyone is suggesting this, are they? >> > > Well, this is how I interpret your message: > https://lists.w3.org/Archives/Public/public-credentials/2018Nov/0001.html > > "Some in the group also believe that JOSE exposes cryptographic details > that should not be exposed to web developers (things like x and y values > of elliptic keys, for example). COSE wraps these in a binary blob that > places it out of the purview of web developers, which is viewed as an > advantage of COSE" > > To me this is utter nonsense. > > Anders > > >> -- manu >> >> > >
Received on Friday, 2 November 2018 22:41:33 UTC