Re: An initial editor's draft: high-level API from Tom Ritter on 2013-02-19 (public-webcrypto-comments@w3.org from February 2013)

From: Tom Ritter <tom@ritter.vg>
Date: Tue, 19 Feb 2013 09:11:12 -0500
To: Emily Stark <estark@mit.edu>
Cc: public-webcrypto-comments@w3.org
Message-ID: <CA+cU71=N0Evw8jttPNnH_vWDVqQRNUoF0JQxbpWOQJxVuySncQ@mail.gmail.com>

On 19 February 2013 08:34, Emily Stark <estark@mit.edu> wrote:

> I was wondering if we could revisit sign/verify. I'm curious to hear
> why Adam Langley thought these should be dropped; I understand that
> messages can be signed with encryptAndSign, but it seems wasteful and
> confusing to always require encryption along with signatures. NaCl,
> KeyCzar, and SJCL all have sign()/verify() (as well as MACs) that
> don't also require the user to encrypt/decrypt.

I also thought they should be removed.  My argument is simplicity.  While
it is true other libraries expose a 'sign' function, our goal for this High
Level API is to make it as simple to use as possible.  Part of that
includes making it as minimal as possible.

I haven't seen a use case that convinced me we need a sign() function, and
encryptAndSign() won't do.  Could you provide some examples where a
messages *requires* authenticity but also *cannot* have confidentiality,
particularly if we're talking about mostly-opaque data values?

-tom

Received on Tuesday, 19 February 2013 14:12:06 UTC