[Bug 25985] WebCrypto should be inter-operable from bugzilla@jessica.w3.org on 2014-06-05 (public-webcrypto@w3.org from June 2014)

From: <bugzilla@jessica.w3.org>
Date: Thu, 05 Jun 2014 13:01:06 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25985-7213-2N8VFtDhgk@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25985

--- Comment #11 from Boris Zbarsky <bzbarsky@mit.edu> ---
> This is the general algorithm discovery problem

That doesn't answer my question, unfortunately.  How is this API envisioned to
be used?

> Within the WG, the plan has been that during the CFI phase

To be honest, I'm more interested in practical in-the-field interop than in the
process wrangling here.  The two-implementations interop requirement is meant
to ensure in-the-field interop, but that generally requires, imo, that the same
two implementations pass all the tests.  Of course it's common for working
groups to try to use some weaker criterion there...  In any case, all that is a
side-issue; the real issue is what happens out in the wild.

> If this sounds like a horrible place to be in

Yes, it does!

> This is akin to trying to define a set of 3D APIs, when the underlying
> implementation may be on OpenGL, DirectX, and Glide, during their heyday.

We have a set of 3D APIs where the underlying implementation may be OpenGL,
DirectX, or software on the web today.  It's called WebGL.  This was done by
only defining a lowest-common-denominator sort of API that could be implemented
on top of other things.

We also have a set of 2D APIs on the web (canvas) that is implemented on top of
all sorts of different graphics libraries.

Your situation is actually quite different, as I understand, because you're
saying there _isn't_ actually meaningful lowest-common-denominator overlap of
actual end-to-end functionality between crypto libraries.

> However, there's already been concern about whether or not the 192-bit AES
> key sizes are worthwhile from an implementation standpoint, or if practically
> speaking, only 128/256-bit are meaningful.

Well, requiring at least the 128 or 256 size might be at least a start...

It seems completely wrong to me that an implementation can implement absolutely
no algorithms and reasonably claim to be implementing this spec.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Thursday, 5 June 2014 13:01:07 UTC