W3C home > Mailing lists > Public > public-webcrypto@w3.org > August 2012

Re: crypto-ISSUE-24: Defining a Synchronous API [Web Cryptography API]

From: Ryan Sleevi <sleevi@google.com>
Date: Mon, 20 Aug 2012 11:17:44 -0700
Message-ID: <CACvaWvb8DDoA1NLuyrrhd_uEzGa2Ccp=S5OZnuyNcmEoYiM9-Q@mail.gmail.com>
To: Mark Watson <watsonm@netflix.com>
Cc: Web Cryptography Working Group <public-webcrypto@w3.org>
On Mon, Aug 20, 2012 at 9:09 AM, Mark Watson <watsonm@netflix.com> wrote:
> We were thinking about this also, since a synchronous API is needed to use WebCrypto in onclose handlers, where the event loop is stopped immediately you exit the handler.
>
> The existing API could be given a synchronous mode just by adding a boolean, "synchronous" to the close() method of CryptoOperation. If true, the close call would block until the operation was complete. Events would not be generated and the application would determine the outcome by inspecting the CryptoOperation attributes.

Did you mean CryptoOperation.complete()?

I'm pretty disinclined to expose a sync method on a non-worker
context, since I think in practice it'll end up pretty heavily abused.
As both David and I can attest to, I think there's pretty strong
opposition to providing sync, blocking methods in new HTML APIs
outside of a worker context. This is akin to FileReaderSync only being
usable on WorkerContext.


>
> I'm not sure about requiring Web Workers. Everyone will need asynchronous versions, since these operations may take some time on some platforms (for example if the crypto is being done on a smartcard or similar). It doesn't seem a good idea to make everyone re-implement the same Web Workers wrapper. It also brings in Web Workers as an additional dependency for using this API and I am not sure they are universally available (on TVs for example ?).
>
> ůMark
>
>
> On Aug 20, 2012, at 7:45 AM, Web Cryptography Working Group Issue Tracker wrote:
>
>> crypto-ISSUE-24: Defining a Synchronous API [Web Cryptography API]
>>
>> http://www.w3.org/2012/webcrypto/track/issues/24
>>
>> Raised by: Ryan Sleevi
>> On product: Web Cryptography API
>>
>> In v1.15, the Web Crypto API still makes heavy use of special interface-objects in order to provide asynchronous implementations of methods such as encrypting, hashing, or generating keys.
>>
>> However, in nearly every major cryptography API, these operations are all synchronous, and thus user agents will be forced to simulate an asynchronous API atop a synchronous API.
>>
>> Does it make more sense to define the Web Crypto API as a *purely* synchronous API, but which can *only* be accessed from Web Workers?
>>
>> This effectively leaves the asynchronous semantics up to applications to implement, by forcing them to use web workers. However, it allows the exposed surface of the API to be significantly reduced, as well as easier specification of the state machines.
>>
>> A "complementary" synchronous API, as has been expressed as desired, is more likely a complete rethinking and re-implementation of the API.
>>
>> This is, to some degree, also related to ISSUE-18, since exposing cryptographic transforms via the various proposed streaming APIs also implies asynchronicity, but with a more consistent programming model to existing web platform APIs.
>>
>>
>>
>>
>
>
Received on Monday, 20 August 2012 18:18:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:01:25 UTC