- From: Tom Ritter <tom@ritter.vg>
- Date: Tue, 19 Feb 2013 09:11:12 -0500
- To: Emily Stark <estark@mit.edu>
- Cc: public-webcrypto-comments@w3.org
Received on Tuesday, 19 February 2013 14:12:06 UTC
On 19 February 2013 08:34, Emily Stark <estark@mit.edu> wrote: > I was wondering if we could revisit sign/verify. I'm curious to hear > why Adam Langley thought these should be dropped; I understand that > messages can be signed with encryptAndSign, but it seems wasteful and > confusing to always require encryption along with signatures. NaCl, > KeyCzar, and SJCL all have sign()/verify() (as well as MACs) that > don't also require the user to encrypt/decrypt. I also thought they should be removed. My argument is simplicity. While it is true other libraries expose a 'sign' function, our goal for this High Level API is to make it as simple to use as possible. Part of that includes making it as minimal as possible. I haven't seen a use case that convinced me we need a sign() function, and encryptAndSign() won't do. Could you provide some examples where a messages *requires* authenticity but also *cannot* have confidentiality, particularly if we're talking about mostly-opaque data values? -tom
Received on Tuesday, 19 February 2013 14:12:06 UTC