- From: David Illsley <david@illsley.org>
- Date: Sun, 14 Dec 2014 18:16:48 +0000
- To: public-webcrypto-comments@w3.org
Hi, It's great to see progress on WebCrypto. Here are a few comments based on a non-cryptographers reading of the document. Regards, David 1. Introduction Includes: "the API provides interfaces for key generation, key derivation, key import and export, and key discovery" but it doesn't appear to me that the specification provides for "key discovery". 4.3. Operations This section is confusing, contradictory, and I don't think backed up by the rest of the document. I *think* it's trying to say: "Although the API does not expose the notion of cryptographic providers or modules, each key is internally bound to an algorithm and usage, so web applications can be confident that a given key will only be used for the correct set of cryptographic operations." 5.1. Underlying Cryptographic Implementation The first paragraph doesn't aid understanding of the specification, and is over-complex. It could be replaced by something simpler eg "This specification allows for cryptographic operations to be implemented separately from the user agent, through the use of existing APIs and modules." Similarly, paragraphs 3 and 4 could be removed entirely, or otherwise substantially simplified.
Received on Monday, 15 December 2014 08:57:07 UTC