- From: Richard Barnes <rbarnes@bbn.com>
- Date: Mon, 21 Nov 2011 09:08:46 -0500
- To: Harry Halpin <hhalpin@w3.org>
- Cc: public-identity@w3.org

Hi Harry,

I have a few comments on the Scope section. Coming at this from the perspective of someone generally knowledgeable about crypto stuff, but new to this group.

CURRENT:
"
The primary features in scope are encryption, decryption, digital signature generation and verification, hash/message digest algorithms, confidentiality algorithms, key transport/agreement algorithms, HMAC algorithms, key pair generation, and key storage on the device. In addition, the API should be asynchronous and must prevent external access to secret material.
"

COMMENTS:
-- It would be helpful to have a little more clarity in this text.
-- I don't know how "confidentiality algorithms" differs from "encryption"
-- I don't know what "key transport/agreement algorithms" means in this context
-- Bullets might help readability

SUGGESTED:
"
The primary features in scope are the following:
* Symmetric encryption and decryption
* Digital signature generation and verification
* Hash / message digest algorithms
* HMAC algorithms
* Generation of asymmetric key pairs
* Secure storage for private keys and symmetric keys
"

CURRENT:
"
Secondary features might include: strong random generation, control of session login/logout, extraction of keys from TLS sessions, PKI scheme validation, destruction of temporary credentials, storage of secrets in a tamper-proof container, non-opaque key identifiers (assuming by default all key identifiers are opaque in the normal case), the availability of multiple key containers (in either hardware or software).
"

COMMENTS:
-- I would suggest moving random number generation to the main feature list. It's not a complicated thing to put an API to.
-- I don't know what the phrase "PKI scheme validation" means
-- Isn't "storage of secrets..." covered by the key storage bullet above?
-- In addition to multiple key containers, you might also have multiple crypto services. The work would seem to be about the same to implement both of these; either way you need to identify the container/service.
-- Bullets would probably help readability here too.

Hope this helps,
--Richard

On Nov 17, 2011, at 11:17 PM, Harry Halpin wrote:

> Everyone,
>
> On next Tuesday, as said earlier, I plan to take the Web Cryptography
> charter [1] from the wiki and put it into HTML as an "official draft
> charter" then ask for preliminary feedback from the AC, before going to
> real AC review in December (thus launching Working Group in January).
>
> So, if you have any comments, *now* is the time to send to the mailing
> list. Suggested text replacement is most welcome.
>
> cheers,
> harry
>
> [1] http://www.w3.org/wiki/IdentityCharter

Received on Monday, 21 November 2011 14:09:45 UTC