Re: Smart Card support. Re: Request for feedback: DOMCrypt API proposal

On 2011-06-09 23:17, David Dahl wrote:

> The client does all crypto operations and the server is only given
> cipher text to store

IMHO, this is a rather odd value proposition: The server is supposed
to provide JS-code for the client to encrypt data so that the server can't
see it.  Yes, cloud-storage services do this but they provide a lot
more than just a crypto API.

> - and, yes, key management is still a problem,
> which I know is a huge problem that will have a solution at some point.

The S/MIME people haven't got this ball running in 15 years so there's
not a surefire victory in sight :-(

> I think starting small and focused is a good way to get things rolling. 
> This API is useful enough as is, and a key management and exchange API
> will be designed to complement this.

I'm sure we will get a JS-API, primarily because it is simple to
implement and will have a very limited impact on browser "footprint".
When it comes to *usage* I remain a bit skeptical.


> Regards,
> David

Received on Friday, 10 June 2011 18:18:36 UTC