Re: WebRTC Certificate Management - a plea to NOT use Web Crypto from Cullen Jennings (fluffy) on 2014-12-24 (public-webrtc@w3.org from December 2014)

From: Cullen Jennings (fluffy) <fluffy@cisco.com>
Date: Wed, 24 Dec 2014 17:41:49 +0000
To: Ryan Sleevi <sleevi@google.com>
CC: "public-webrtc@w3.org" <public-webrtc@w3.org>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <B41B02F3-630C-4361-A470-B165D744C747@cisco.com>

Developing two uncoordinated sets of crypto APIs for browsers sounds like a bad idea in the long term. It's hard enough to get one right.

If the webcryto stuff we have today can't meet the needs to many major uses cases - and I view WebRTC and one of them -  then I think we need to step back and rethink the API and figure out to get to a common crypto API that can. 

A good starting point might be to have a joint call and explain what the webrtc guys are trying to accomplish as a use case and tease out some better requirements from a webcrypto point of view and then see how well things align. That might help deal with what to with things like your Req #6 which I suspect is not a short requirement for  webrtc but it somewhere we want to go long term. I think that would also make it much easier for everyone to start thinking about what's need and if what you proposed in your email would work well.

Received on Wednesday, 24 December 2014 17:42:17 UTC