- From: Ryan Sleevi <sleevi@google.com>
- Date: Mon, 24 Mar 2014 10:25:10 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Alex Russell <slightlyoff@google.com>, "www-tag@w3.org List" <www-tag@w3.org>, Yehuda Katz <wycats@gmail.com>
- Message-ID: <CACvaWvY+LqVRk4wycOvHHXfECnpnNT3JETL1kCgLoQ3x6-tcyQ@mail.gmail.com>
On Mon, Mar 24, 2014 at 10:18 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Mon, Mar 24, 2014 at 5:11 PM, Ryan Sleevi <sleevi@google.com> wrote:
> > Obviously, I'm biased. However, hopefully the TAG can provide their input
> > and guidance on the design of this, because it's clear that there's no
> > progress being made in the WG on this issue. This is rather unfortunate, but
> > since much of the debate is on a matter of "design smells" (whether it is or
> > is not a smell to support the two methods simultaneously, whether it is or
> > is not a smell to require Encoding spec), the TAG seems uniquely qualified
> > to provide input.
>
> When would you want the ArrayBuffer? If you want it frequently and
> performance is critical you might want to expose that. If not, it
> seems exposing just the object is fine. Note that you could also
> expose an actual object and define its toJSON...
>

Since serialization to JWK may involve access to keying material, it's done asynchronously, since the underlying APIs may themselves block (particularly if/when talking about other types of cryptographic key storage). So defining toJSON on the Key object doesn't fly without preventing these.

As for when ArrayBuffer, only one (very vocal) member has come out in support of it, but without a use case beyond "wire transport", so it's very difficult to evaluate the performance requirements. That said, "performance" appears to be a fairly weak argument, in light of http://lists.w3.org/Archives/Public/public-webcrypto/2014Mar/0176.html

Am I/are we missing any considerations with respect to the JS object route that might impact this? For example, nuances of WebIDL or the environment? Boris Z. mentioned some of the things at http://lists.w3.org/Archives/Public/public-webcrypto/2014Mar/0156.html

Absent performance considerations, is there a good reason to support both methods? It seems more detrimental, from an API design smell, to give lots of little options.

>
> Also, somewhat related, why are Key objects not something you can
> transfer/copy through postMessage? Someone keeps bringing up "local
> CORS" over on public-webappsec
> http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/thread.html#msg9
> but it seems like he really wants a way for crypto objects to be passed
> around.
>
>
> --
> http://annevankesteren.nl/
>
Received on Monday, 24 March 2014 17:31:31 UTC
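
The two export shapes debated above, as an added example that is not part of the original message and is written against the WebCrypto API as it ships today rather than the 2014 draft: JWK export is asynchronous and resolves to a plain JS object, and the byte form for "wire transport" is derived from that object. The helper names, the HMAC key, and the sample message are assumptions made for the illustration.

```javascript
// Added illustration: WebCrypto as available in current browsers and Node.js.
const { subtle } = globalThis.crypto ?? require('node:crypto').webcrypto;
const HMAC = { name: 'HMAC', hash: 'SHA-256' };

// Object route: exportKey returns a Promise because the implementation may
// need to reach into (possibly blocking) key storage to read key material.
async function exportAsObject(key) {
  return subtle.exportKey('jwk', key); // resolves to a plain JS object
}

// "Wire transport" route: the bytes are derived from the object form, so a
// second, ArrayBuffer-returning export method is not strictly required.
async function exportAsBytes(key) {
  const jwk = await exportAsObject(key);
  return new TextEncoder().encode(JSON.stringify(jwk));
}

// Receiving side: parse the bytes back into a JWK and import it, choosing
// whether the resulting key may ever be exported again.
async function importFromBytes(bytes, extractable) {
  const jwk = JSON.parse(new TextDecoder().decode(bytes));
  return subtle.importKey('jwk', jwk, HMAC, extractable, ['sign', 'verify']);
}

async function demo() {
  const key = await subtle.generateKey(HMAC, true, ['sign', 'verify']);
  const jwk = await exportAsObject(key);
  const bytes = await exportAsBytes(key);

  // Re-import as non-extractable: the key still works, but export is refused.
  const locked = await importFromBytes(bytes, false);
  let refused = false;
  try {
    await exportAsObject(locked);
  } catch (err) {
    refused = true; // rejection arrives through the Promise, not a sync throw
  }

  // Constructed sample message: a MAC made with the original key verifies
  // under the re-imported one, so the round trip preserved the key material.
  const msg = new TextEncoder().encode('constructed sample message');
  const mac = await subtle.sign('HMAC', key, msg);
  const sameKey = await subtle.verify('HMAC', locked, mac, msg);

  return { kty: jwk.kty, alg: jwk.alg, isBytes: bytes instanceof Uint8Array,
           extractable: locked.extractable, refused, sameKey };
}
```
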