- From: Harry Halpin <hhalpin@w3.org>
- Date: Mon, 26 Nov 2012 18:24:59 -0000 (GMT)
- To: public-webcrypto@w3.org
Everyone,
I'd like to remind folks that our next publication is due in mid-Dec. This
is a "heartbeat" publication which is required by W3C process to show that
the Working Group is still alive (which of course we are, there's just not
been changes to the spec, just lots of healthy debate).
While its possible some of the larger issues around pre-provisioned keys
won't be solved by then, we at least need to address the reviews and
feedback since our first review as a show of good faith to the larger
community, and as this is generally how W3C spec heartbeats work in order
to show the rest of the W3C we are taking in feedback and making progress.
In particular, we need to do the following:
1) Improve the introduction and Security Considerations to the spec to
clarify that the crypto API is based on extending functionality of the Web
Platform, not a security solution in of itself as given by
Twitter/hackernews reviews. I have suggested text in past, Ryan has
improved these parts, but we should go over them.
2) Clarify the roles of the primitives given by IRTF: As in Zooko's
proposal or Ryan's modifiations thereof.
3) Add in the part about using structured clone rather than KeyStorage,
and other usability modifications (I believe Alex Russell was going to
review the spec - has that happened? If not, I can get Robin Berjon to on
short notice).
That's probably the minimal we need to do. Ideally, we'd also publish,
although I don't think is absolutely necessary:
1) A draft use-case document
2) A draft high-level API
Just noting that's a *lot* of work in 3 weeks, and thus my concerns re
moving around telecon times to a less frequent basis my disrupt our
ability to deliver to these goals.
cheers,
harry
Received on Monday, 26 November 2012 18:25:00 UTC