Re: SubtleCrypto

On Mar 27, 2013, at 7:40 PM, Ryan Sleevi <sleevi@google.com> wrote:

> On Wed, Mar 27, 2013 at 4:20 PM, Mark Watson <watsonm@netflix.com> wrote:
>> 
>> Sorry if I missed this, but could someone explain the rationale for putting all the low-level API methods inside window.crypto.subtle, rather than in window.crypto?
>> 
>> Is this to provide a separate space for the high-level API?
>> 
>> The name ("SubtleCrypto") just seems rather weird.
>> 
>> ...Mark
> 
> 
> 
> This has been repeatedly raised on the list, including by the CFRG,
> from other browser vendors (Ben Adida from Mozilla and Brian LaMacchia
> from MSFT), and from feedback from the general community that the API
> should clearly call out the nature of the crypto as part of the API
> design.
> 
> We discussed, on this list, during the F2F, and during past calls,
> about design patterns like making certain *algorithms* follow a naming
> scheme, but as was explained, such a system does not provide for
> future capabilities like deprecating algorithms and/or moving them
> from "strong" to "weak". Further, as has been pointed out by a number
> of people, even "strong" crypto can be misused by combining the
> primitives incorrectly.
> 
> All of these reasons lead to the adoption of window.crypto.subtle,
> similar to other languages (such as Go), as a clear indicator that
> "Care is needed, for here be dragons" - a recognition of the critical
> importance of quality low-level primitives, but also of the ability to
> misuse.

This is of course a completely useless precaution.  Once someone writes a blog post saying "Here's how you use all this cool crypto stuff", everyone will use window.crypto.subtle anyway, regardless of whether they are experienced cryptographers.  Whatever we make here is exposed to the world, not just experts.

--Richard

Received on Thursday, 28 March 2013 15:07:40 UTC