- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 14 Feb 2011 02:47:18 -0800
On Sun, Feb 13, 2011 at 10:12 PM, Mark S. Miller <erights at google.com> wrote: > On Sun, Feb 13, 2011 at 6:37 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote: >> On 2/13/11 8:22 PM, Adam Barth wrote: >>> It seems likely that window.crypto will continue to grow more quality >>> cryptographic APIs, not all of which will be appropriate at the >>> ECMAScript level. >>> >> >> Sure; the question is whether this _particular_ API would be more >> appropriate at the language level. ?Or more to the point, if the language >> plans to grow it anyway, do we need two APIs for it? >> >> It's worth at least checking with the ES folks whether they plan to add a >> API like this (something that fills in an array of bytes with >> cryptographically strong random values) in any sort of short-term timeframe. > > Thanks for checking. The answer is yes. I'm scheduled to start a discussion > of <http://wiki.ecmascript.org/doku.php?id=strawman:random-er> at either the > upcoming March or May meetings. Currently random-er is on the agenda for May > but I may swap it into March. As you can tell, this page is currently only a > placeholder. > > I have also talked just a bit with Shabsi Walfish, Ben Laurie, David Wagner, > and Bill Frantz, all cc'ed, about the possibility of a real crypto API for > EcmaScript. With the sole exception of randomness, I believe that we should > handle this the same way we're handling i18n -- as a separate working group > within tc39 (the EcmaScript committee) working on a separate standard > library in a separate standards document. The reason to make an exception > for random-er is that it's the only fundamental omission. Given a decent > random-er, everything else can be done initially in JS. That's a pretty long time horizon. You're going to start discussing it in 2-4 months? That seems a bit overwrought for what amounts to four lines of code. In any case, I don't mean to discourage you. Having nice crypto APIs available to JavaScript would be quite useful. Adam
Received on Monday, 14 February 2011 02:47:18 UTC