Re: [Web Crypto WG] Agenda for next call on 14th of May (15:00 EDT/19:00 UTC)

Ryan,

This is really useful. One point I wanted to highlight...

On Wed, May 9, 2012 at 11:38 AM, Ryan Sleevi <sleevi@google.com> wrote:
> My own belief is that the best/most interesting API will be a low level API
> that provides a single/overloaded method with options objects. In short,
> something that is akin to PKCS#11 for JavaScript. Given that PKCS#11 is able
> to support SSL/TLS, S/MIME, DTLS, SRTP, PGP, and high value transactions,
> all through a single interface, I believe it's a reasonably proven
> approach.

I think it would be really useful to come to consensus on whether TLS support
is required. As I said earlier, TLS requires you do some really funky
stuff with:

(a) the RSA padding.
(b) the DH output

If you want to have an API that supports TLS, you either need to have
explicit support for the TLS operations or raw access to the keying material.

-Ekr

Received on Thursday, 10 May 2012 15:54:33 UTC