- From: <bugzilla@jessica.w3.org>
- Date: Tue, 20 May 2014 23:54:11 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25842

- Bug ID: 25842
- Summary: Web developers given enough crypto rope to shoot selves in foot
- Product: Web Cryptography
- Version: unspecified
- Hardware: All
- OS: All
- Status: NEW
- Severity: normal
- Priority: P2
- Component: Web Cryptography API Document
- Assignee: sleevi@google.com
- Reporter: me@tomlowenthal.com
- CC: public-webcrypto@w3.org

Web developers are offered a whole grab bag of crypto algorithms and primitives. This is not fundamentally problematic: there may be web developers who are deeply familiar with cryptography and have the wherewithal to reasonably evaluate which algorithms they should and should not be using. However, most web developers are not. Providing a recipe book of algorithms makes it unreasonably easy for web developers to pick wrong.

In addition to making a wide range of primitives available to those who know what they're doing, the spec should take advantage of the considerable cryptographic expertise in the WG to construct secure, simple-to-use high-level primitives and recommend that most developers use them.

DJB's NaCl library provides a good illustration of how to both provide secure default operations and make numerous primitives available for advanced applications.

--
You are receiving this mail because: You are on the CC list for the bug.
Received on Tuesday, 20 May 2014 23:54:12 UTC