- From: Tom Ritter <tom@ritter.vg>
- Date: Fri, 25 Jan 2013 09:52:57 -0500
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
- Message-ID: <CA+cU71n_reFos_mDq9ffF9rTzsbR7z4bJhAyonEnunHgZmGD4Q@mail.gmail.com>
On 25 January 2013 01:42, Anders Rundgren <anders.rundgren@telia.com> wrote:

> I'm not sure what the High-Level API that has been mentioned a few times
> on the list actually refers to but I guess it is something like Google's
> http://code.google.com/p/keyczar ?

The other example is NaCL: http://nacl.cr.yp.to/secretbox.html

> Personally I don't understand why we should waste money on making
> cryptography useable by "n00bs" rather than doing what we can making
> platforms more useful for those who actual master cryptography.

Couldn't disagree more. Why did we create standard libraries instead of making all these pesky noobs write their own printf functions, and why didn't we stop with C - what's this annoying "C#" and "Python"? So we can abstract away things that don't matter to most people, and stop them from rewriting the bugs we fixed over and over again. (Example: BasicConstraints)

I don't disagree that there's a lot that can go wrong with protocols even when they're using the correct algorithms - but the point of having "box()" and "unbox()" functions is to make it *easier* to create secure anything by giving developers a secure starting point.

You seem to approach security with the mindset of "Make it hard for people to write code - we'll have less code, and the code we have will be more likely to be good because it's written by people who persevered!" No, we won't have less code, we'll just have a lot of code that the developer *finally* got working, through trial and error, and will never want to touch again.

-tom
Received on Friday, 25 January 2013 14:53:49 UTC