Re: WebCrypto - In "progress" since 2012 from Harry Halpin on 2016-04-30 (public-webpayments@w3.org from April 2016)

From: Harry Halpin <hhalpin@w3.org>
Date: Fri, 29 Apr 2016 21:09:33 -0400
To: public-webpayments@w3.org
Message-ID: <572405CD.109@w3.org>
On 04/29/2016 08:02 PM, Randall Leeds wrote:
> Pieces of WebCrypto land in every new release of these major browsers
> and the post you refer to is taking stock of things that are remaining
> barriers to interoperability.
>
> Just this past week, Firefox 46, "Added HKDF support for Web Crypto
> API <https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API>".
>
> From my vantage point, WebCrypto is happening.
>
> Does the progress disappoint you? Why? What's your rush?

To be precise, it is supported across all major browsers:

http://caniuse.com/#feat=cryptography

Pre-Rec, the final open issues are BER/DER and ServiceWorkers support.
The majority of the spec is usable today.

>
> More importantly, how is your vague complaining supposed to be in any
> way helpful?
>
> What are we supposed to take away from your message?

Many people ask themselves this. I don't see anything useful that
complaining accomplishes. What would be better would be actual help,
i.e. creating a test-suite, filing bugs, rather than these kinds of
emails. 

>
> On Fri, Apr 29, 2016 at 1:56 AM Timothy Holborn
> <timothy.holborn@gmail.com <mailto:timothy.holborn@gmail.com>> wrote:
>
>     imho cryptography that is highly secure from un-intended
>     use seemed interesting yet difficult to find means to work
>     collaboratively on the stuff that would otherwise be considered
>     'low hanging fruit'. So, when thinking about it from a modern
>     context - i also took into account quantum computing capabilities
>     as to consider meaningfully concepts surrounding the principle of
>     'rule of law' where i noted today the following text
>
>     There is no single agreed definition of the rule of law. However,
>     there is a basic core definition that has near universal acceptance.
>
>     As Emeritus Professor Geoffrey Walker, has written in his defining
>     work on the rule of law in Australia: ‘…most of the content of the
>     rule of law can be summed up in two points:
>
>     (1) that the people (including, one should add, the government)
>     should be ruled by the law and obey it and
>
>     (2) that the law should be such that people will be able (and, one
>     should add, willing) to be guided by it.’
>
>     – Geoffrey de Q. Walker, The rule of law: foundation of
>     constitutional democracy, (1st Ed., 1988).
>
>
>
>     Source: http://www.ruleoflaw.org.au/principles/
>
>
>     also, IMHO: It's that concept of a 'human centric web' that's most
>     difficult to discover.   Yet in consideration - the way most
>     people (who are old enough to remember) started on the web with
>     trumpet winsock[2] - not something that was packaged with the OS
>     (without going into the really old stuff...).  
>
>     Now therefore; When considering the concept of the map [3] I've
>     been thinking about the differences or nuances between the goals
>     of building a web for documents (ie: web 1/2) and one for data
>     ("web 3").  If a 'trumpet winsock' to deal with the ID/Crypto
>     issues were produce today, what would it do and how could it be
>     packaged?  How would solve the very diverse issues that relate to
>     the problem-domain? 
>
>     I guess underlying it all is a need to acknowledge that decisions
>     are being made about processes that are being put into the hands
>     of various parties and pending the architectural decisions of
>     those designs; we'll end-up with different social outcomes
>     regardless of 'who wins' the more myopically definitive process
>      as to have successfully completed the project.   Equally; i'm
>     probably better off coding rather than thinking and well, the work
>     done here has been rather awesome; so perhaps it's just my
>     expectations that need to be adjusted...  that balance between
>     doing your best and living with humility / being human.
>
>     I think more work needs to go into producing interoperablity with
>     SoLiD[4] solutions.  For me the process of trying to bring the two
>     worlds together seems really very daunting...
>
>     Tim.H
>
>     [1] https://en.wikipedia.org/wiki/Lattice-based_cryptography 
>     [2] http://thanksfortrumpetwinsock.com/
>     [3] https://www.w3.org/2007/09/map/main.jpg
>     [4] https://github.com/solid/
>
>
>     On Tue, 19 Apr 2016 at 15:33 Anders Rundgren
>     <anders.rundgren.net@gmail.com
>     <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>         https://lists.w3.org/Archives/Public/public-webcrypto/2016Jan/0022.html
>
>         And still no interoperable standard.
>
>         Making it possible extending browsers through Apps seems like
>         a much easier way keeping the Web alive and kicking.
>         Insurmountable security issues?  No, Google and Microsoft have
>         solved these in Web Payments; they just haven't shared their
>         findings with us.
>
>         Anders
>
Received on Saturday, 30 April 2016 01:09:36 UTC