On Dec 3, 2015 8:35 PM, "Harry Halpin" <hhalpin@w3.org> wrote: > > > Seems like an implementation bug to me. > ... That's what I said. But it isn't an implementation bug of the key libraries. That is, BoringSSL doesn't have a bug because it doesn't export what WebCrypto expects. The WebCrypto implementation in Chrome has the bug. BoringSSL is behaving exactly as BoringSSL says it does. (I realize in saying the exact same thing I said in my previous email, but hopefully putting concrete terms makes it easier to understand) > Yes, but you are asking for a modification in underlying key libraries across all browsers? ... No again. In fact, I was suggesting the opposite. I'm saying Safari would need to work around CommonCrypto. Edge would need to work around CryptoAPI. Chrome would need to work around BoringSSL. Firefox would need to work around NSS. Sure, the libraries could change, but that was explicitly what I was NOT suggesting; I was suggesting the browsers would need to carry code to deal with the situation, unless and until the libraries did change. But that isn't a years long thing. That's a few dozen eng-hours. But we need consensus that is the right and acceptable way to solve this - that we agree to work around our libraries differences. > Do you think this is realistic, and if so, within which time-frame would you expect it to ship? > I don't, which is why I never suggested it, and laid out multiple ways to avoid it. Hopefully this makes it clearer what Option 1 is, because it sounds like you have a very different idea in mind.
Received on Friday, 4 December 2015 06:23:05 UTC