- From: GALINDO Virginie <Virginie.Galindo@gemalto.com>
- Date: Thu, 5 Mar 2015 17:40:52 +0000
- To: Charles Engelke <w3c@engelke.com>
- CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Thanks Charles for that information about implementation and coverage. We need now to hear from the implementers their whish to gather this minimum common set into a note, or a specification dedicated to be a recommandation. Regards, Virginie ________________________________________ De : charles.engelke@gmail.com [charles.engelke@gmail.com] de la part de Charles Engelke [w3c@engelke.com] Envoyé : jeudi 5 mars 2015 18:28 À : GALINDO Virginie Cc : public-webcrypto@w3.org Objet : Re: [Web Crypto WG] about defining profiles On Thu, Mar 5, 2015 at 5:44 AM, GALINDO Virginie <Virginie.Galindo@gemalto.com> wrote: > Dear all, > > a question to the WG members (and specially to implementers) related to > defining profile(s) and tracked into the bug 25985 [1]. As a developer, not UA implementer, I would find profiles very useful, especially a minimal one that all UAs support. That should include at least one each of PK signing, PK encryption, symmetric encryption, HMAC, hash, and key derivation. With those universally available I could build applications that could communicate with each other regardless of the browser they run on. > - what is the current overlapping coverage of algorithms across the > implementations ? It appears that browser makers pretty much support a common set of those kinds of algorithms (almost). I've got some sample applications at https://github.com/infotechinc, and have found that every browser I've tried that supports web crypto at all runs all of them successfully except key derivation. Specifically, I've found universal support for RSASSA-PKCS1-v1_5, RSA-OAEP, AES-CBC, and SHA-256. Only Chrome Canary and Opera Developer support PBKDF2 at this time. I've tried these apps on Chrome, Opera, and Firefox on Ubuntu Linux and Windows 7, and Chrome on Android 5.0. (I'm still tickled that the ones that don't use files work on my Android Wear watch, too.) I'm putting together a table of browser support based on those apps plus the results from the Web Cryptography API Live Table from https://diafygi.github.io/webcrypto-examples/ . I'll share that when it's done, probably within a day or two. I've also found Safari on OS/X, which has a prefixed subtle crypto implementation, seems to support many of the apps but still has issues that keep most of them from working. I haven't tried Internet Explorer's prefixed implementation because it is based on a much earlier version of the API that isn't compatible with the current one. > - what is your feeling about having a profile captured into a document ? > - which level of normalization would you like ot see associated with that > document ? (being a note, a recommendation...). I would very much like that. I'm not set on any particular level of normalization, probably because I don't have a good understanding of the differences. Thanks, Charlie -- Charles Engelke, Chief Technology Officer Info Tech, Inc. Phone: +1 (352) 381-4400 ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Received on Thursday, 5 March 2015 17:41:23 UTC