- From: <bugzilla@jessica.w3.org>
- Date: Thu, 05 Jun 2014 16:33:03 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25985

--- Comment #21 from Ryan Sleevi <sleevi@google.com> ---

(In reply to Mark Watson from comment #19)
>
> It's not clear to me how the above is an argument against what was proposed.
>
> The idea would be that at some future point (say a year from now), we look
> at what has actually been implemented across multiple platforms. You have
> the advantage that your platform would certainly be included in the ones we
> look at. If we find there is a common subset that is widely implemented, we
> make that subset mandatory for future implementations.

This doesn't work in practice for two reasons.

1) For some efforts, the finite resources of implementation have been focused on particular platforms where business requirements, rather than technical, have prioritized the implementation or support of certain algorithms.

2) Not all platform implementations, even within Chrome, are being pursued at the same rate. I've already explained why, even for a single vendor, there is a vast swath of capabilities.

Trying to argue for required algorithms favors those incumbents with implementations already, OR it encourages 'defensive' implementing in which the least possible is implemented within that time frame, to avoid the most normative requirements.

Most importantly, however, should be the simplest and most obvious reason: Your guarantees mean nothing.

The UA is the User's Agent, and thus will run on platforms where algorithm X is not available or disabled, or key sizes less than Y are disabled. Your precious web application *has* to deal with these issues as a matter of course already.

Saying MUST, in WebCrypto, is really saying http://tools.ietf.org/html/rfc6919#section-1
Received on Thursday, 5 June 2014 16:33:07 UTC