- From: Andrew Sutherland <asutherland@asutherland.org>
- Date: Thu, 24 Nov 2011 13:08:45 -0800
- To: public-identity@w3.org
On 11/24/2011 05:55 AM, Harry Halpin wrote: > So everyone who has a use-case please send it now, described in 1-2 > sentences. Then also, *look* at the primary/secondary/ and > out-of-scope features and list what features are necessary for the > goal. Also, to see if anything is missing. Use-case: Encrypted messaging client. Primary necessities: key pair generation, encryption, decryption, digital signature generation and verification, hash/message digest algorithms, key storage. Secondary necessities: strong random number generation, destruction of temporary credentials Primary not required: key transport/agreement algorithms Additional details: Mozilla Labs has an encrypted messaging experiment under development, deuxdrop. ( https://github.com/mozilla/deuxdrop). While user trust of the client's code is more biased towards an extension model for deployment, we are trying to use as many web technologies as possible and to be capable of operating without any special privileges in a standard web browser. Right now, crypto is provided by the NaCl library ( http://nacl.cr.yp.to/) exposed to JS via privileged js-ctypes shims, but if we could use baked-in web platform crypto like DOMCrypto or the outcome of the web crypto effort, that would be much better. Obviously, the underlying crypto primitives would need to change, as I don't expect NaCl's primitives to be adopted, but our current implementation was never intended to be permanent. Andrew
Received on Friday, 25 November 2011 13:11:26 UTC