[Bug 25618] Extensibility: Offer spec-blessed ways to extend the algorithms and curves, rather than monkey-patching the spec


--- Comment #18 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Mike Jones from comment #17)
> > In comment 15, Ryan wrote:
> > This is API. This is not a protocol format. API changes, by design, take
> > time, because we need all UAs to agree to the shape and purpose of such API
> > changes, since it's the shared API of the web.
> You're missing a key distinction, at least as I see it, Ryan.  APIs are
> about things like how you express the "sign" operation and the "decrypt"
> operation.  These will not change over time.
> Whereas, the names of the algorithms used with those operations *will*
> change over time as new algorithms are adopted and old algorithms are
> deprecated.  That's a consequence of crypto agility, and critical to the
> long-term success of the spec.  That's why the set of algorithms need to be
> extensible without updating the base spec.  It's *not* API.
> This could happen via a registry, a wiki, a web site with expert review,
> etc.  I'm not all that picky about the particular mechanism.  But the point
> is that it needs to be a mechanism that accommodates algorithm changes as a
> normal part of the life cycle of the usage of spec - unlike methods like
> "sign" and "decrypt", which *are* API, and which aren't expected to change.

Mike, Harry,

Since this bug has morphed into the registry discussion, I'm going to kindly
ask you to take it to another bug. This discussion of registry is entirely
orthogonal to why I filed this bug, or of the issues that remain.

Mike, I'm very much aware, and violently disagree with your assertion. That is,
this is *not* a naming issue, is very much an API issue, and is very much that
window.crypto.subtle.encrypt("AES-GCM", foo, bar, baz) is no different in form
or function than window.crypto.subtle.encrypt.aes-gcm(foo, bar, baz).

If you wish to continue this discussion - a discussion that we've repeatedly
had and seemingly closed - on a new bug, I'm happy to follow-up there. But I
think we'd be doing a great disservice to this bug, and the very real and
pressing spec issues, to try to mix that discussion in here.


You are receiving this mail because:
You are on the CC list for the bug.

Received on Monday, 4 August 2014 20:30:46 UTC