Re: IANA registry for WebCrypto?

On 01/18/2013 08:55 PM, Ryan Sleevi wrote:
> On Fri, Jan 18, 2013 at 11:47 AM, Harry Halpin <hhalpin@w3.org> wrote:
>> Folks,
>>
>> W3C had an internal review of the WebCrypto speak, and it was brought up
>> that W3C doesn't normally run registries once a WG is closed, in general it
>> remains closed and so there's so lack of clarity about who would run the
>> registry. However, we have a good history with working with IANA over such
>> registries. Would anyone in the WG be opposed to modifying the spec so that
>> the registry for algorithms in WebCrypto was run by IANA?
> And what does the W3C plan to do for WebGL? And what other specs
> related to WebApps/HTML/CSS are using a registry?

It depends on the WG. For example, in HTML they are using a wiki to keep 
track of link @rel values. It seemed to the W3C that adding new 
algorithm identifiers would require more supervision than adding new 
possible @rel values, so that's why IANA came up. However, W3C specs 
very often turn to IANA for registries - media/types for new specs being 
the most well-known example. However, a wiki at w3.org would also still 
be an option if the WG felt that was a better idea.
>
> It's clear from members' and public request, not to mention our own
> secondary features, that there's more than enough to keep this WG
> occupied for some time.
>
> Not to mention what would the procedure be for adding algorithms?
> Typically IANA registries (as used by IETF) specify the rules for
> adding items - such as WG review. What's the value in the registry if
> all work goes through the WG - which would essentially be maintaining
> a registry?

Yes, I think you already did a good job specifying the rules for 
registering a new algorithm in the WebCrypto API. So, the only change 
I'd see would be the registry, using the rules you provided, would be 
run in perpetuity by IANA rather than ran in perpetuity by the W3C.

I think the thinking is at some point the WG will eventually finish up 
the spec but people, due to the changing nature of the crypto landscape, 
still want to add new algorithms, and so the idea is to "future proof" 
the registry as much as possible by making sure someone always answers 
the emails asking for new algorithms.
>
> In short, I'm not convinced - and while not enough to register an
> objection at this point, I think the question has been approached from
> the wrong side.

The idea was brought up by TLR at W3C, and I have inquired at IANA. 
We'll have an answer back shortly, and if they don't want yet another 
registry I can see this being a moot point. But I wanted to keep the WG 
in the loop to see how folks felt of course.
>
>> I've opened up the discussion with IANA folks and we'll have their answer
>> back at some point fairly shortly I think.
>>
>>     cheers,
>>        harry
>>
>>

Received on Saturday, 19 January 2013 10:15:54 UTC