Re: crypto-ISSUE-13: Relationship between the W3C Web Cryptography work product and the IETF JOSE WG [Web Cryptography API] from Harry Halpin on 2012-08-09 (public-webcrypto@w3.org from August 2012)

From: Harry Halpin <hhalpin@w3.org>
Date: Fri, 10 Aug 2012 01:40:49 +0200
To: Jarred Nicholls <jarred@webkit.org>
CC: David Dahl <ddahl@mozilla.com>, Ryan Sleevi <sleevi@google.com>, Web Cryptography Working Group <public-webcrypto@w3.org>
Message-ID: <50244A81.8000508@w3.org>

On 08/08/2012 07:22 PM, Jarred Nicholls wrote:
> On Wed, Aug 8, 2012 at 11:25 AM, David Dahl <ddahl@mozilla.com 
> <mailto:ddahl@mozilla.com>> wrote:
>
>     ----- Original Message -----
>     > From: "Ryan Sleevi" <sleevi@google.com <mailto:sleevi@google.com>>
>     > To: "Web Cryptography Working Group" <public-webcrypto@w3.org
>     <mailto:public-webcrypto@w3.org>>
>     > Sent: Sunday, August 5, 2012 9:56:12 PM
>     > Subject: Re: crypto-ISSUE-13: Relationship between the W3C Web
>     Cryptography  work product and the IETF JOSE WG [Web
>     > Cryptography API]
>
>     > I'd like to propose that the current low-level API specifically
>     > clarify that there is *no* specific or priviledged relationship to
>     > the
>     > IETF JOSE work.
>     >
>     > Specifically:
>     > 1) Algorithm/AlgorithmParams does *not* need to be on-the-wire
>     > equivalent to JWA parameters
>     > 2) It is *not* required that algorithm short-names match their JWA
>     > counterparts.
>     >
>     > My opinion is that this represents a generic API for use in the
>     > client. One possible consumer, of many, may include the
>     work-products
>     > of the JOSE working group. However, I believe that they do not
>     > represent the only consumer of this API, therefore I do not believe
>     > it
>     > makes sense to primarily design or tightly-couple this work to the
>     > JOSE WG.
>
>     +1 As this is a low-level API, I agree. I think JOSE is more
>     directly compatible with a higher-level API. I can see using JOSE
>     for either a high-level spec produced by this WG or by a
>     high-level API written in content JS that consumes the Web Crypto API.
>

Agreed. As soon as get the low-level API to FPWD status, we should get 
some draft of the higher-level API out. But for the time being, I think 
tabling higher-level API and leaving JOSE to the higher-level API makes 
sense. Thus, no JOSE formats in low-level API is fine with me, although 
we need to keep the liaisons informed.

>
>     Regards,
>
>     David
>
>
> +1

Received on Thursday, 9 August 2012 23:40:59 UTC