- From: David Dahl <ddahl@mozilla.com>
- Date: Wed, 27 Jul 2011 07:16:17 -0700 (PDT)
----- Original Message -----
> From: "Simon Heckmann" <simon at simonheckmann.de>
> To: "Adam Barth" <w3c at adambarth.com>
> Cc: "Silvia Pfeiffer" <silviapfeiffer1 at gmail.com>, "WHATWG Proposals" <whatwg at lists.whatwg.org>, "David Dahl" <ddahl at mozilla.com>
> Sent: Wednesday, July 27, 2011 4:13:38 AM
> Subject: Re: [whatwg] DOMCrypt update: July 14 Meeting Report

> I totally agree with you. My code was just an example. I also think it
> should be idiot proof.
>
> However, I think the whole API should be loosely coupled. Requiring the
> client to initialize a cryptographic function on the server seems too
> tightly linked.

This is how we can limit the scope and reduce the attacks that are possible cross-domain. The keypair is usable only with the origin that created it.

> I think it should be possible to decrypt any chunk of
> data with the DOMCrypt API as long as I know the algorithm and the
> key. But maybe this is out of scope and I am thinking in too universal
> concepts?

Perhaps, however, your use cases are not out of the question. We just want to start with a smaller surface, making this API simpler to implement and use.

Regards,

David
Received on Wednesday, 27 July 2011 07:16:17 UTC