Re: [WebCrypto.Next] Any ideas on how to proceed?

On 2015-02-18 08:59, David Leon Gil wrote:
> W.r.t. WebCrypto-Next:
>
> It would be wonderful to see a few useful algorithms added to the spec:
>
> - a modern VOF (e.g., SHAKE256)
> - a fast hash function (e.g., BLAKE2b)
> - a sequential-hard KDF (e.g., scrypt)
> - some non-NSA curves
>
> as well as a slightly higher-level interface that makes it less
> complicated to do things like (cryptographically sound) ECDH without
> shooting yourself in the foot repeatedly. (I tried with the current
> API, and I have fewer toes.)
>
> There are some other things that would be great to see standardized in
> this area, but WebCrypto may not be the appropriate WG.

This belongs to a WebCrypto "maintenance" task which is an entirely different
topic than the stuff referred to in my posting.

Anders

>
> On Tue, Feb 17, 2015 at 10:30 PM, Anders Rundgren
> <anders.rundgren.net@gmail.com> wrote:
>> As you probably noted, all proposals related to
>> http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/
>> were shot down.
>>
>> Are we waiting on something, and if so is the case, exactly what?
>>
>> Is the idea of building on an already semi-established solution like Chrome
>> Native Messaging unacceptable?
>>
>> Or should this disparate community rather standardize on U2F?
>>
>> Another solution (IMO "workaround") is using local services supplying
>> "Security Services" through Redirects, XHR or WebSockets.
>>
>> Since the (in)famous plugins were simply removed without any thoughts of the
>> implications, it seems that the browser vendors currently "own" this
>> question.
>>
>> Anders
>>

Received on Wednesday, 18 February 2015 08:04:18 UTC