W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2016

Re: WebCrypto - In "progress" since 2012

From: Harry Halpin <hhalpin@w3.org>
Date: Fri, 29 Apr 2016 21:09:33 -0400
To: public-webpayments@w3.org
Message-ID: <572405CD.109@w3.org>

On 04/29/2016 08:02 PM, Randall Leeds wrote:
> Pieces of WebCrypto land in every new release of these major browsers
> and the post you refer to is taking stock of things that are remaining
> barriers to interoperability.
> Just this past week, Firefox 46, "Added HKDF support for Web Crypto
> API <https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API>".
> From my vantage point, WebCrypto is happening.
> Does the progress disappoint you? Why? What's your rush?

To be precise, it is supported across all major browsers:


Pre-Rec, the final open issues are BER/DER and ServiceWorkers support.
The majority of the spec is usable today.

> More importantly, how is your vague complaining supposed to be in any
> way helpful?
> What are we supposed to take away from your message?

Many people ask themselves this. I don't see anything useful that
complaining accomplishes. What would be better would be actual help,
i.e. creating a test-suite, filing bugs, rather than these kinds of

> On Fri, Apr 29, 2016 at 1:56 AM Timothy Holborn
> <timothy.holborn@gmail.com <mailto:timothy.holborn@gmail.com>> wrote:
>     imho cryptography that is highly secure from un-intended
>     use seemed interesting yet difficult to find means to work
>     collaboratively on the stuff that would otherwise be considered
>     'low hanging fruit'. So, when thinking about it from a modern
>     context - i also took into account quantum computing capabilities
>     as to consider meaningfully concepts surrounding the principle of
>     'rule of law' where i noted today the following text
>     There is no single agreed definition of the rule of law. However,
>     there is a basic core definition that has near universal acceptance.
>     As Emeritus Professor Geoffrey Walker, has written in his defining
>     work on the rule of law in Australia: ‘…most of the content of the
>     rule of law can be summed up in two points:
>     (1) that the people (including, one should add, the government)
>     should be ruled by the law and obey it and
>     (2) that the law should be such that people will be able (and, one
>     should add, willing) to be guided by it.’
>     – Geoffrey de Q. Walker, The rule of law: foundation of
>     constitutional democracy, (1st Ed., 1988).
>     Source: http://www.ruleoflaw.org.au/principles/
>     also, IMHO: It's that concept of a 'human centric web' that's most
>     difficult to discover.   Yet in consideration - the way most
>     people (who are old enough to remember) started on the web with
>     trumpet winsock[2] - not something that was packaged with the OS
>     (without going into the really old stuff...).  
>     Now therefore; When considering the concept of the map [3] I've
>     been thinking about the differences or nuances between the goals
>     of building a web for documents (ie: web 1/2) and one for data
>     ("web 3").  If a 'trumpet winsock' to deal with the ID/Crypto
>     issues were produce today, what would it do and how could it be
>     packaged?  How would solve the very diverse issues that relate to
>     the problem-domain? 
>     I guess underlying it all is a need to acknowledge that decisions
>     are being made about processes that are being put into the hands
>     of various parties and pending the architectural decisions of
>     those designs; we'll end-up with different social outcomes
>     regardless of 'who wins' the more myopically definitive process
>      as to have successfully completed the project.   Equally; i'm
>     probably better off coding rather than thinking and well, the work
>     done here has been rather awesome; so perhaps it's just my
>     expectations that need to be adjusted...  that balance between
>     doing your best and living with humility / being human.
>     I think more work needs to go into producing interoperablity with
>     SoLiD[4] solutions.  For me the process of trying to bring the two
>     worlds together seems really very daunting...
>     Tim.H
>     [1] https://en.wikipedia.org/wiki/Lattice-based_cryptography 
>     [2] http://thanksfortrumpetwinsock.com/
>     [3] https://www.w3.org/2007/09/map/main.jpg
>     [4] https://github.com/solid/
>     On Tue, 19 Apr 2016 at 15:33 Anders Rundgren
>     <anders.rundgren.net@gmail.com
>     <mailto:anders.rundgren.net@gmail.com>> wrote:
>         https://lists.w3.org/Archives/Public/public-webcrypto/2016Jan/0022.html
>         And still no interoperable standard.
>         Making it possible extending browsers through Apps seems like
>         a much easier way keeping the Web alive and kicking.
>         Insurmountable security issues?  No, Google and Microsoft have
>         solved these in Web Payments; they just haven't shared their
>         findings with us.
>         Anders
Received on Saturday, 30 April 2016 01:09:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:46 UTC