- From: Ben Laurie <benl@google.com>
- Date: Thu, 13 May 2010 16:31:28 +0100
- To: Marcin Hanclik <Marcin.Hanclik@access-company.com>
- Cc: "nathan@webr3.org" <nathan@webr3.org>, Jeremy Orlow <jorlow@chromium.org>, public-webapps <public-webapps@w3.org>, "art.barstow@nokia.com" <art.barstow@nokia.com>, foaf-protocols <foaf-protocols@lists.foaf-project.org>
- Message-ID: <r2v1b587cab1005130831l3a2665c5w61b2679f32adf138@mail.gmail.com>
On 12 May 2010 17:54, Marcin Hanclik <Marcin.Hanclik@access-company.com>wrote: > Hi Nathan, > > This seems to be the current related standardization effort: > http://bondidev.omtp.org/1.5/crypto.html > = > http://bondi01.obe.access-company.com/1_5_5602_145/crypto.html I find it slightly worrying that the first example I come across uses ECB mode with no padding! Anyway, this has long been on my list of things to worry about when I get the time, so I'd be very happy to help out if that'd be useful. > > > Past related efforts were less robust (just signText in WMLScript) in > http://www.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-161-wmlsscriptcrypto-20010620-a.pdf > > Thanks, > Marcin > > > Marcin Hanclik > ACCESS Systems Germany GmbH > Tel: +49-208-8290-6452 | Fax: +49-208-8290-6465 > Mobile: +49-163-8290-646 > E-Mail: marcin.hanclik@access-company.com > > -----Original Message----- > From: public-webapps-request@w3.org [mailto:public-webapps-request@w3.org] > On Behalf Of Nathan > Sent: Wednesday, May 12, 2010 6:31 PM > To: Jeremy Orlow > Cc: public-webapps; art.barstow@nokia.com; foaf-protocols > Subject: Re: JS crypto? > > Arthur: > Thanks for pointing me in the right direction [1] :) > > Jeremy: > Fully agree re the right time to explore the possibility. > > I can think of many, many use cases - particularly in conjunction with > work that's going on in the social, swxg, foaf, foaf-protocols, linked > data, and read write web camps. > > With foaf+ssl we have public keys in profiles used for authentication > over HTTPS where the user has a certificate installed in the browser, > since the public key is available it leads the way to encrypted > communication over http between two parties, and also mounting > information on the web which is encypted with those public keys, making > it safe and secure - obviously if one where to pass the private key in > to a server side application then security would be somewhat flawed, > however if it's in the browser then this paves the way for almost > infinite uses - including many web of trust related functions > (particularly with signing resources exposed by uris). > > So whilst usage may be somewhat low, I fully envision need and usage > rising exponentially over the next few years and onwards, so a > relatively early start at standardisation would indeed be a very good > thing! > > [1] http://lists.w3.org/Archives/Public/public-web-security/ > > Best, > > Nathan > > > Jeremy Orlow wrote: > > This came up not too long ago in the context of persistent storage. The > > verdict (IIRC) was that we're not interested in adding crypto just to > > the persistent storage APIs, but that we might be interested in adding a > > general crypto API. > > > > Does anyone have any data for how widely used window.crypto and/or JS > > library alternatives are? If they aren't widely used, maybe it's worth > > seeing if we can find use cases for crypto in the browser that aren't > > satisfied by JS libraries? > > > > To answer your question, I'm not aware of any existing standardization > > efforts, but I think the time might be right to explore the possibility. > > > > J > > > > > > On Wed, May 12, 2010 at 5:09 PM, Nathan <nathan@webr3.org> wrote: > > > >> Hi All, > >> > >> Unsure if this is the best place to ask, but is there currently any JS > (or > >> user agent) support for cryto functions such as > sign/seal/encrypt/decrypt? > >> > >> Perhaps a working group, a draft, anything? > >> > >> I would be very keen to see crypto support in all the browsers > standardized > >> and methods exposed to JS. > >> > >> For instance, if you have your public key on the web somewhere, I should > be > >> able to seal a document using it, publish it on the web, and know that > if > >> you visit that uri in your browser that it will decrypt it using the > private > >> key from a certificate you have installed in the browser. > >> > >> Best & thanks in advance for any response, > >> > >> ps: aware of window.crypto in firefox/gecko > >> > >> Nathan > >> > >> > > > > > > ________________________________________ > > Access Systems Germany GmbH > Essener Strasse 5 | D-46047 Oberhausen > HRB 13548 Amtsgericht Duisburg > Geschaeftsfuehrer: Kiyoyasu Oishi, Tomonori Watanabe, Yusuke Kanda > > www.access-company.com > > CONFIDENTIALITY NOTICE > This e-mail and any attachments hereto may contain information that is > privileged or confidential, and is intended for use only by the > individual or entity to which it is addressed. Any disclosure, copying or > distribution of the information by anyone else is strictly prohibited. > If you have received this document in error, please notify us promptly by > responding to this e-mail. Thank you. > >
Received on Thursday, 13 May 2010 16:05:15 UTC