Algorithm management goals

Trying to focus the discussion around registries, I wanted to propose that we try to at least agree on the priorities / requirements for the various processes for managing algorithms.  The following are *possible* requirements; I don't necessarily agree with all of them.  I use the phrase "registry" below, but this could also be a section of the API document.

1. For each algorithm, the registry entry should specify name, parameters, and parameter types, for generation and operations.

2. For each algorithm in the registry, there should be a publicly-available specification.

3. There should be only one entry in the registry for each cryptographic algorithm, where equivalence of algorithms is determined by an expert designated by the WG.

4. Presence in the registry should guarantee that a script can use the algorithm in any browser implementing the WebCrypto API.

5. The registry should indicate whether there is consensus in the W3C community that an algorithm is secure.

It would be helpful if people could say which of these candidates they think should be a requirement, or propose any other requirements they have in mind.


Received on Monday, 4 March 2013 20:29:18 UTC