[W3C Web Crypto WG] about extensions to Web Crypto specification from GALINDO Virginie on 2014-08-06 (public-webcrypto@w3.org from August 2014)

From: GALINDO Virginie <Virginie.Galindo@gemalto.com>
Date: Wed, 6 Aug 2014 10:18:03 +0000
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <540E99C53248CE468F6F7702588ABA2AC369FE6B@A1GTOEMBXV002.gto.a3c.atos.net>

Dear all,

We have to find a mechanism for extending our Web Crypto API specification, in order to integrate in the future some new algorithms, or algorithm flavors. This corresponds to the bug 25618 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618 .

Here are ideas and requirements that were mentioned during the conference calls and the bugzilla discussions. Those statements are high level, and are here to try to identify requirements and principles on this extension mechanism. Note that this discussion is not only about adding new curves, but should also be applicable to next generation of algorithm. So lets try to be generic, in a first step.

1 Extension can be used to add new algorithm (or new flavor of algorithm) to the Web Crypto API
2 Extension is a separate document from the main specification, which must contain complete description of the new (flavor of) algorithm (reference, registration, dictionary, operations, and if is it part of 'recommended algorithms' or not)
3 Extension existence requires to have hook in the main Web Crypto API spec to declare new key format (please add any other impact)
4 Extension can be in a form of a wiki, or a Note or a Recommendation (please state your preferred scenario)
5 The integration of new (flavor of) algorithm requires to go though W3C IP call for exclusion or not (in that case only the Recommendation scenario would work)
6 The new (flavor of) algorithm will requires identifier and short name that need to be registered (in IETF or W3C)

This is a strawman proposal expecting your challenge, criticism and alternatives...
Go !

Regards,
Virginie
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

Received on Wednesday, 6 August 2014 10:19:11 UTC