- From: Eric Rescorla <ekr@rtfm.com>
- Date: Thu, 10 May 2012 08:53:24 -0700
- To: Ryan Sleevi <sleevi@google.com>
- Cc: David Dahl <ddahl@mozilla.com>, public-webcrypto@w3.org

Ryan,

This is really useful. One point I wanted to highlight...

On Wed, May 9, 2012 at 11:38 AM, Ryan Sleevi <sleevi@google.com> wrote:
> My own belief is that the best/most interesting API will be a low level API
> that provides a single/overloaded method with options objects. In short,
> something that is akin to PKCS#11 for JavaScript. Given that PKCS#11 is able
> to support SSL/TLS, S/MIME, DTLS, SRTP, PGP, and high value transactions,
> all through a single interface, I believe it's a reasonably proven
> approach.

I think it would be really useful to come to consensus on whether TLS
support is required. As I said earlier, TLS requires you do some really
funky stuff with:

(a) the RSA padding.
(b) the DH output

If you want to have an API that supports TLS, you either need to have
explicit support for the TLS operations or raw access to the keying
material.

-Ekr

Received on Thursday, 10 May 2012 15:54:33 UTC