W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2011

[whatwg] DOMCrypt update: July 14 Meeting Report

From: David Dahl <ddahl@mozilla.com>
Date: Wed, 27 Jul 2011 07:16:17 -0700 (PDT)
Message-ID: <921425056.660750.1311776177162.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>
----- Original Message -----
> From: "Simon Heckmann" <simon at simonheckmann.de>
> To: "Adam Barth" <w3c at adambarth.com>
> Cc: "Silvia Pfeiffer" <silviapfeiffer1 at gmail.com>, "WHATWG Proposals" <whatwg at lists.whatwg.org>, "David Dahl"
> <ddahl at mozilla.com>
> Sent: Wednesday, July 27, 2011 4:13:38 AM
> Subject: Re: [whatwg] DOMCrypt update: July 14 Meeting Report
> I totally agree with you. My code was just an example. I also think it
> should be idiot proof.
> However, I think the whole API should be loosly coupled. Requiring the
> client to initialize a cryptographic function on the server seems to
> tightly linked. 
This is how we can limit the scope and reduce the attacks that are possible cross-domain. The keypair is usable only with the origin that created it.  

> I think it should be possible to decrypt any chunk of
> data with the DOMCrypt API as long as I know the algorithm and the
> key. But maybe this is out of scope and I am thinking in too universal
> concepts?
Perhaps, however, your use cases are not out of the question. We just want to start with a smaller surface, making this API simpler to implement and use.


Received on Wednesday, 27 July 2011 07:16:17 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:35 UTC