Re: DomCrypto - Revised Strategy?

On 2011-11-18 01:34, Harry Halpin wrote:
>> Google has silently already launched their Origin Bound Certficate TLS
>> extension in Chrome.  IMO, this is the only way forward.
>>
>> If Mozilla is serious about DomCrypt, Mozilla must release "as is";
>> nobody will care otherwise.
> 
>  DomCrypt is already joint work between Mozilla and Google. Origin Bound
> Certs are no doubt a good idea as well. Again, we've discussed more
> general purpose certs, if you think this should be part of the WG charter
> you must specify textual changes to the charter now, as right now most of
> that is out-of-scope for the API.


I hate to say it but with the flurry of proposals from Google and
Mozilla I don't think that there is much ground for standardization
and charters.  IMO, there are no good DomCrypt use-case descriptions
either.  The work should have started there with the simple question:

   "What is it we want to achieve?"

Making crypto in JS is not the answer; it may at best be the solution.

Anders


> 
>>
>> Google did the same with their wallet which is a REALLY interesting
>> thing.  Unfortunately the architecture seems to be secret.
>>
>> Anders
>>
>>
> 
> 
> 

Received on Friday, 18 November 2011 03:15:37 UTC