On Mar 18, 2011, at 6:44 PM, Shabsi Walfish wrote: > On Fri, Mar 18, 2011 at 4:53 PM, Brendan Eich <bren...@mozilla.com> wrote: > In support of Robert's point, we have Firefox Sync [1], which client-side > encrypts many blocks of user data (not just passwords; cookies, history, > etc.) to hide it from our own (or an alternative; the server is open source) > sync service. > > This needs native speed, which we provide via privileged-JS-only (our > so-called "chrome" user-interface JS) access to our native crypto module > (NSS). The volume in blocks and bytes requires it. Using pure-JS crypto > lowers performance an order of magnitude or two. > > I'm not convinced that you need native speed even for this (and its a bit > specialized, since it lives in the browser chrome). It sounds like you are > talking about a few MB of data, at most.
Sorry, no. I'm telling you our product requirements, not soliciting unquantified speculation. Users have tons of data (think all-tabs session histories). Users do not like waiting. We have to hide sync in the existing schedule, so megabytes do add up. > Native code could probably do that in something like 10 or 20 ms, and even if > you are slower by an order of magnitude you can do it in 200 ms I wrote "or two". > > To your point about the API being "best, most current" crypto-standard (for a > given key size, perhaps): that is usable but often in our modern era, JS > clients must chat with JS server peers using precisely *this* or *that* > crypto protocol. So I imagine we'll need both kinds of APIs: best-latest and > exactly-this. > > Hence you can allow for versioning and backwards compatibility, like most > protocol APIs do. Again, sorry: no. We are not sync'ing ES.next or ES.whatever to *every* protocol and crypto-protocol out there in any future epoch. We can't hope to guess. Instead we would decouple as current, hardcoded-in-C++, distributed in browsers modules do: provide certified and well-thought of algorithms. Ideally it's all doable in JS at good enough perf. Reality is not there yet and won't be for years. Ask around inside Google :-P. /be
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss