- From: Emily Stark <estark@MIT.EDU>
- Date: Tue, 19 Feb 2013 08:34:22 -0500
- To: Aymeric Vitte <vitteaymeric@gmail.com>
- Cc: Ryan Sleevi <sleevi@google.com>, David Dahl <ddahl@mozilla.com>, public-webcrypto-comments@w3.org
I was wondering if we could revisit sign/verify. I'm curious to hear why Adam Langley thought these should be dropped; I understand that messages can be signed with encryptAndSign, but it seems wasteful and confusing to always require encryption along with signatures. NaCl, KeyCzar, and SJCL all have sign()/verify() (as well as MACs) that don't also require the user to encrypt/decrypt. Also, a couple things about seal/open: 1.) Could seal() explicitly be defined as authenticated encryption instead of just symmetric encryption? 2.) This is pedantic, but once I saw seal() I started looking for unseal() and took me a minute to realize that open() was what I should be looking for. Is there any reason not to use seal/unseal instead of seal/open? 3.) Why does seal generate a fresh key each time instead of having a createKey function? This seems like it could cause extra complication for developers; NaCl/SJCL allow you to specify a key to use for symmetric encryption. On Tue, Jan 29, 2013 at 5:21 AM, Aymeric Vitte <vitteaymeric@gmail.com> wrote: > > Le 28/01/2013 22:56, Ryan Sleevi a écrit : > >>>> 7) You make use of DOMString in the following methods: >>>> >> a) encryptAndSign (aPlainText) >>>> >> b) protect (aPlaintext) >>>> >> c) unprotect (aPlaintext - see 5) >>>> >> d) sign (aClearData) >>>> >> e) verify (aDataToVerify) >>>> >>How is this data supposed to be canonicalized? How is arbitrary >>>> >>binary >>>> >>data supposed to be encoded? What about decoded? >>> >>> > >>> >While I would like to make the interface as simple as possible (using >>> > strings), this is an issue that may require the use of ArrayBufferViews >>> > after all. I am unsure how to make DOMStrings viable here. >> >> http://encoding.spec.whatwg.org/ ? >> > If this can help, simple example here > (https://github.com/Ayms/node-typedarray) how to use ArrayBuffers, > TextEncoder/Decoder, and make all this more "high-level". > > -- > jCore > Email : avitte@jcore.fr > iAnonym : http://www.ianonym.com > node-Tor : https://www.github.com/Ayms/node-Tor > GitHub : https://www.github.com/Ayms > Web : www.jcore.fr > Webble : www.webble.it > Extract Widget Mobile : www.extractwidget.com > BlimpMe! : www.blimpme.com > > On Tue, Jan 29, 2013 at 5:21 AM, Aymeric Vitte <vitteaymeric@gmail.com> wrote: > > Le 28/01/2013 22:56, Ryan Sleevi a écrit : > >>>> 7) You make use of DOMString in the following methods: >>>> >> a) encryptAndSign (aPlainText) >>>> >> b) protect (aPlaintext) >>>> >> c) unprotect (aPlaintext - see 5) >>>> >> d) sign (aClearData) >>>> >> e) verify (aDataToVerify) >>>> >>How is this data supposed to be canonicalized? How is arbitrary >>>> >>binary >>>> >>data supposed to be encoded? What about decoded? >>> >>> > >>> >While I would like to make the interface as simple as possible (using >>> > strings), this is an issue that may require the use of ArrayBufferViews >>> > after all. I am unsure how to make DOMStrings viable here. >> >> http://encoding.spec.whatwg.org/ ? >> > If this can help, simple example here > (https://github.com/Ayms/node-typedarray) how to use ArrayBuffers, > TextEncoder/Decoder, and make all this more "high-level". > > -- > jCore > Email : avitte@jcore.fr > iAnonym : http://www.ianonym.com > node-Tor : https://www.github.com/Ayms/node-Tor > GitHub : https://www.github.com/Ayms > Web : www.jcore.fr > Webble : www.webble.it > Extract Widget Mobile : www.extractwidget.com > BlimpMe! : www.blimpme.com > >
Received on Tuesday, 19 February 2013 13:35:20 UTC