- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Fri, 29 Mar 2013 05:45:14 +0100
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
http://lists.w3.org/Archives/Public/public-webcrypto/2013Mar/0146.html Since you asked for opinions, here is one: I'm not particularly worried that somebody is going to pick a "weak" algorithm because the current API is so hard to grasp (compared to what?). I also wonder how many lines of crypto-code a web app would typically need. Most developers will find the 10-20 required lines on "Stackoverflow" and similar web hangouts. I would be surprised if large web-sites like Facebook don't hire people with adequate competence. If a minor site uses inferior crypto (or margnal solutions in general) the sky won't fall down. In my opinion the core issue is that we are talking about the web which presumably involves _client-server_operations_ which translates to _protocols_. History shows that not even the best designers get it right all the time. Regarding the proposed High-level API I'm pretty much against it: In a client-server world "smart" methods that select the currently most fashionable algorithms will only lead to non-interoperability. Anders
Received on Friday, 29 March 2013 04:45:43 UTC