- From: <bugzilla@jessica.w3.org>
- Date: Mon, 04 Aug 2014 20:01:11 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618 --- Comment #17 from Mike Jones <Michael.Jones@microsoft.com> --- > In comment 15, Ryan wrote: > This is API. This is not a protocol format. API changes, by design, take > time, because we need all UAs to agree to the shape and purpose of such API > changes, since it's the shared API of the web. You're missing a key distinction, at least as I see it, Ryan. APIs are about things like how you express the "sign" operation and the "decrypt" operation. These will not change over time. Whereas, the names of the algorithms used with those operations *will* change over time as new algorithms are adopted and old algorithms are deprecated. That's a consequence of crypto agility, and critical to the long-term success of the spec. That's why the set of algorithms need to be extensible without updating the base spec. It's *not* API. This could happen via a registry, a wiki, a web site with expert review, etc. I'm not all that picky about the particular mechanism. But the point is that it needs to be a mechanism that accommodates algorithm changes as a normal part of the life cycle of the usage of spec - unlike methods like "sign" and "decrypt", which *are* API, and which aren't expected to change. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Monday, 4 August 2014 20:01:12 UTC