- From: TRON-DELTA.ORG <info@tron-delta.org>
- Date: Thu, 27 Dec 2012 02:11:54 +0100
- To: public-webcryptoapi@w3.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found the following within the document [D1] »Web Cryptography API« (W3C Working Draft 13 September 2012), chapter 4.4 (Out of scope): "This API, while allowing applications to generate, retrieve, and manipulate [..]" As far as I can see this is also the latest published version. As I understand from the document it does not define the way of implementation itself. Therefore your question regarding obstacles is indeed a valid one! I think it is mandatory to ensure that the user agent does not get compromised (a lot of techniques are required here) and the local certs are kept safe by all means (even when the user agent was compromised). I think a special UI is not necessary here but an extension of configuration menus, maybe a generator for certs, a checker/validator, and something like that. Maybe this could look a little bit like the OpenPGP menu and config stuff for e.g. in Thunderbird. This is for the client-side implementation. Finally I recommend you to read chapters 5 (Security considerations), 6 (Privacy considerations), 9 (Algorithm dictionary) since one should not use arbitrary algorithms and chapter 10ff. (Key interface). The chapters following 10 are all more or less related to the interface. Chapter 23 (Algorithms) covers the used algorithms and chapter 25 (JavaScript Example Code) contains an example in JavaScipt. This is for the server-side implementation. I hope that was helpful to you! ;-) [D1] http://www.w3.oorg/TR/2012/WD-WebCryptoAPI-20120913/#scope-out-of-scope Kind regards Mathias Hollstein TRON-DELTA.ORG Non-Governmental Intelligence Organization Frankfurt, Germany http://tron-delta.org http://sourceforge.net/users/hollstein/ http://www.xing.com/profile/Mathias_Hollstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFQ26Ba0mYqV95pe8wRAuTrAJ9A3X9vviAIeLHvqqTr6Eo1dapMdwCffrVK NxmoEiRBHNHyOelPbBZ9g7U= =2FOX -----END PGP SIGNATURE-----
Received on Saturday, 29 December 2012 12:17:40 UTC