- From: Ryan Sleevi <sleevi@google.com>
- Date: Wed, 27 Mar 2013 16:40:43 -0700
- To: Mark Watson <watsonm@netflix.com>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
On Wed, Mar 27, 2013 at 4:20 PM, Mark Watson <watsonm@netflix.com> wrote:
>
> Sorry if I missed this, but could someone explain the rationalle for putting all the low level API methods inside the window.crypto.subtle, rather than in window.crypto ?
>
> Is this to provide a separate space for the high level API ?
>
> The name ("SubtleCrypto") just seems rather weird.
>
> ...Mark
This has been repeatedly raised on the list, including by the CFRG,
from other browser vendors (Ben Adida from Mozilla and Brian LaMacchia
from MSFT), and from feedback from the general community that the API
should clearly call out the nature of the crypto as part of the API
design.
We discussed, on this list, during the F2F, and during past calls,
about design patterns like making certain *algorithms* follow a naming
scheme, but as was explained, such a system does not provide for
future capabilities like deprecating algorithms and/or moving them
from "strong" to "weak". Further, as has been pointed out by a number
of people, even "strong" crypto can be misused by combining the
primitives incorrectly.
All of these reasons lead to the adoption of window.crypto.subtle,
similar to other languages (such as Go), as a clear indicator that
"Care is needed, for here be dragons" - a recognition of the critical
importance of quality low-level primitives, but also of the ability to
misuse.
Received on Wednesday, 27 March 2013 23:41:11 UTC