- From: David Leon Gil <coruus@gmail.com>
- Date: Tue, 17 Feb 2015 23:59:51 -0800
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>, public-webapps <public-webapps@w3.org>
W.r.t. WebCrypto-Next: It would be wonderful to see a few useful algorithms added to the spec: - a modern VOF (e.g., SHAKE256) - a fast hash function (e.g., BLAKE2b) - a sequential-hard KDF (e.g., scrypt) - some non-NSA curves as well as a slightly higher-level interface that makes it less complicated to do things like (cryptographically sound) ECDH without shooting yourself in the foot repeatedly. (I tried with the current API, and I have fewer toes.) There are some other things that would be great to see standardized in this area, but WebCrypto may not be the appropriate WG. On Tue, Feb 17, 2015 at 10:30 PM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > As you probably noted, all proposals related to > http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/ > were shot down. > > Are we waiting on something, and if so is the case, exactly what? > > Is the idea of building on an already semi-established solution like Chrome > Native Messaging unacceptable? > > Or should this disparate community rather standardize on U2F? > > Another solution (IMO "workaround") is using local services supplying > "Security Services" through Redirects, XHR or WebSockets. > > Since the (in)famous plugins were simply removed without any thoughts of the > implications, it seems that the browser vendors currently "own" this > question. > > Anders >
Received on Wednesday, 18 February 2015 08:00:53 UTC