W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

Re: [WebCrypto.Next] Any ideas on how to proceed?

From: David Leon Gil <coruus@gmail.com>
Date: Tue, 17 Feb 2015 23:59:51 -0800
Message-ID: <CAA7UWsXjM3vjfevmNtbjN6MeVuGZNiiMkLu_t+dBia1AdOGNsw@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>, public-webapps <public-webapps@w3.org>
W.r.t. WebCrypto-Next:

It would be wonderful to see a few useful algorithms added to the spec:

- a modern VOF (e.g., SHAKE256)
- a fast hash function (e.g., BLAKE2b)
- a sequential-hard KDF (e.g., scrypt)
- some non-NSA curves

as well as a slightly higher-level interface that makes it less
complicated to do things like (cryptographically sound) ECDH without
shooting yourself in the foot repeatedly. (I tried with the current
API, and I have fewer toes.)

There are some other things that would be great to see standardized in
this area, but WebCrypto may not be the appropriate WG.

On Tue, Feb 17, 2015 at 10:30 PM, Anders Rundgren
<anders.rundgren.net@gmail.com> wrote:
> As you probably noted, all proposals related to
> http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/
> were shot down.
>
> Are we waiting on something, and if so is the case, exactly what?
>
> Is the idea of building on an already semi-established solution like Chrome
> Native Messaging unacceptable?
>
> Or should this disparate community rather standardize on U2F?
>
> Another solution (IMO "workaround") is using local services supplying
> "Security Services" through Redirects, XHR or WebSockets.
>
> Since the (in)famous plugins were simply removed without any thoughts of the
> implications, it seems that the browser vendors currently "own" this
> question.
>
> Anders
>
Received on Wednesday, 18 February 2015 08:00:53 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:25 UTC