- From: Richard L. Barnes <rbarnes@bbn.com>
- Date: Thu, 1 Nov 2012 17:13:00 +0100
- To: "Arthur D. Edelstein" <arthuredelstein@gmail.com>
- Cc: Mountie Lee <mountie.lee@mw2.or.kr>, public-webcrypto-comments@w3.org
>> I think End-to-End encryption is easily implementable with current webcrypto >> API spec. > > My feeling is that truly private, end-to-end encryption using the > WebCrypto API (or indeed any JS crypto library) is only possible if > implemented in an open-source browser extension, such as Cryptocat. As > far as I can tell, it is not possible in a web app using the WebCrypto > API. > >> standardization for E2E is diffucult issue. > > Probably, but some reasonably simple standards should be possible. For > example, encrypting/decrypting text and encrypting/decrypting files > look like two relatively simple and fairly general use cases. > > Best regards, > Arthur If you don't trust the downloaded JavaScript, why are you using a web app? If you have to download a browser extension, then you might as well install a dedicated application. ISTM that your definition of E2E is not really germane to this working group. --Richard
Received on Thursday, 1 November 2012 16:13:36 UTC