- From: Ryan Sleevi <sleevi@google.com>
- Date: Mon, 4 Mar 2013 12:46:30 -0800
- To: Richard Barnes <rbarnes@bbn.com>
- Cc: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
On Mon, Mar 4, 2013 at 12:28 PM, Richard Barnes <rbarnes@bbn.com> wrote: > Trying to focus the discussion around registries, I wanted to propose that we try to at least agree on the priorities / requirements for the various processes for managing algorithms. The following are *possible* requirements; I don't necessarily agree with all of them. I use the phrase "registry" below, but this could also be a section of the API document. > > 1. For each algorithm, the registry entry should specify name, parameters, and parameter types, for generation and operations. > > 2. For each algorithm in the registry, there should be a publicly-available specification. > > 3. There should be only one entry in the registry for each cryptographic algorithm, where equivalence of algorithms is determined by an expert designated by the WG. > > 4. Presence in the registry should guarantee that a script can use the algorithm in any browser implementing the WebCrypto API. > > 5. The registry should indicate whether there is consensus in the W3C community that an algorithm is secure. I think you're going to have to qualify "secure" somehow. 6. The registry should indicate whether there is consensus in the W3C community to implement the algorithm. [This is different from 4 in that it's not a guarantee, but still a strong(er) guarantee] > > It would be helpful if people could say which of these candidates they thing should be a requirement, or propose any other requirements they have in mind. > > Cheers, > --Richard > >
Received on Monday, 4 March 2013 20:46:57 UTC