- From: Harry Halpin <hhalpin@w3.org>
- Date: Mon, 26 Nov 2012 18:24:59 -0000 (GMT)
- To: public-webcrypto@w3.org
Everyone, I'd like to remind folks that our next publication is due in mid-Dec. This is a "heartbeat" publication which is required by W3C process to show that the Working Group is still alive (which of course we are, there's just not been changes to the spec, just lots of healthy debate). While its possible some of the larger issues around pre-provisioned keys won't be solved by then, we at least need to address the reviews and feedback since our first review as a show of good faith to the larger community, and as this is generally how W3C spec heartbeats work in order to show the rest of the W3C we are taking in feedback and making progress. In particular, we need to do the following: 1) Improve the introduction and Security Considerations to the spec to clarify that the crypto API is based on extending functionality of the Web Platform, not a security solution in of itself as given by Twitter/hackernews reviews. I have suggested text in past, Ryan has improved these parts, but we should go over them. 2) Clarify the roles of the primitives given by IRTF: As in Zooko's proposal or Ryan's modifiations thereof. 3) Add in the part about using structured clone rather than KeyStorage, and other usability modifications (I believe Alex Russell was going to review the spec - has that happened? If not, I can get Robin Berjon to on short notice). That's probably the minimal we need to do. Ideally, we'd also publish, although I don't think is absolutely necessary: 1) A draft use-case document 2) A draft high-level API Just noting that's a *lot* of work in 3 weeks, and thus my concerns re moving around telecon times to a less frequent basis my disrupt our ability to deliver to these goals. cheers, harry
Received on Monday, 26 November 2012 18:25:00 UTC