- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 18 Feb 2015 09:03:30 +0100
- To: David Leon Gil <coruus@gmail.com>
- CC: "public-web-security@w3.org" <public-web-security@w3.org>, public-webapps <public-webapps@w3.org>
On 2015-02-18 08:59, David Leon Gil wrote: > W.r.t. WebCrypto-Next: > > It would be wonderful to see a few useful algorithms added to the spec: > > - a modern VOF (e.g., SHAKE256) > - a fast hash function (e.g., BLAKE2b) > - a sequential-hard KDF (e.g., scrypt) > - some non-NSA curves > > as well as a slightly higher-level interface that makes it less > complicated to do things like (cryptographically sound) ECDH without > shooting yourself in the foot repeatedly. (I tried with the current > API, and I have fewer toes.) > > There are some other things that would be great to see standardized in > this area, but WebCrypto may not be the appropriate WG. This belongs to a WebCrypto "maintenance" task which is an entirely different topic than the stuff referred to in my posting. Anders > > On Tue, Feb 17, 2015 at 10:30 PM, Anders Rundgren > <anders.rundgren.net@gmail.com> wrote: >> As you probably noted, all proposals related to >> http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/ >> were shot down. >> >> Are we waiting on something, and if so is the case, exactly what? >> >> Is the idea of building on an already semi-established solution like Chrome >> Native Messaging unacceptable? >> >> Or should this disparate community rather standardize on U2F? >> >> Another solution (IMO "workaround") is using local services supplying >> "Security Services" through Redirects, XHR or WebSockets. >> >> Since the (in)famous plugins were simply removed without any thoughts of the >> implications, it seems that the browser vendors currently "own" this >> question. >> >> Anders >>
Received on Wednesday, 18 February 2015 08:04:18 UTC