- From: Ryan Sleevi <sleevi@google.com>
- Date: Wed, 24 Dec 2014 16:55:45 -0800
- To: Cullen Jennings <fluffy@cisco.com>
- Cc: public-webcrypto@w3.org, public-webrtc@w3.org
- Message-ID: <CACvaWvZwYs6vxtBpHUG=wiViMPVDev_hfbx189U+mm=Dkd_0dQ@mail.gmail.com>
On Dec 24, 2014 9:41 AM, "Cullen Jennings (fluffy)" <fluffy@cisco.com> wrote: > > > Developing two uncoordinated sets of crypto APIs for browsers sounds like a bad idea in the long term. It's hard enough to get one right. > You aren't developing a crypto API. If you are, then we are doing it wrong. At best, you're simply talking identities - how those are represented, crypto or otherwise - should be irrelevant to your API. In the least, WebRTC should be striving to expose as little influence on the crypto as possible. > If the webcryto stuff we have today can't meet the needs to many major uses cases - and I view WebRTC and one of them - then I think we need to step back and rethink the API and figure out to get to a common crypto API that can. Um, your needs are intentionally out of charter. My entire point is that there is zero that WebRTC needs from web crypto. We aren't trying to develop a "common for all crypto-using thingies" API, never have been. This isn't a failure of Web Crypto - it's a failure to realize you neither need nor should want Web Crypto. That is, what is being advocated here and in Web Push were things debated for over a year, and which were kept out of scope because they aren't in practice necessary. So it's less about brining Web Crypto to change, but explaining why that change isn't necessary. > > A good starting point might be to have a joint call and explain what the webrtc guys are trying to accomplish as a use case and tease out some better requirements from a webcrypto point of view and then see how well things align. Again, this isn't a web crypto problem. That is, WebRTC has various needs, which need to be written down still, and for which Web Crypto is one of many possible solutions. I think we are saying the same thing, but I want to make sure there isn't a tunnel in on thinking that Web Crypto is the de facto solution. > That might help deal with what to with things like your Req #6 which I suspect is not a short requirement for webrtc but it somewhere we want to go long term. I think that would also make it much easier for everyone to start thinking about what's need and if what you proposed in your email would work well. > > > > > >
Received on Thursday, 25 December 2014 00:56:13 UTC