On 2015-02-18 08:59, David Leon Gil wrote:
W.r.t. WebCrypto-Next:
It would be wonderful to see a few useful algorithms added to the spec:
- a modern VOF (e.g., SHAKE256)
- a fast hash function (e.g., BLAKE2b)
- a sequential-hard KDF (e.g., scrypt)
- some non-NSA curves
as well as a slightly higher-level interface that makes it less
complicated to do things like (cryptographically sound) ECDH without
shooting yourself in the foot repeatedly. (I tried with the current
API, and I have fewer toes.)
There are some other things that would be great to see standardized in
this area, but WebCrypto may not be the appropriate WG.
This belongs to a WebCrypto "maintenance" task which is an entirely different
topic than the stuff referred to in my posting.
Anders
On Tue, Feb 17, 2015 at 10:30 PM, Anders Rundgren
<anders.rundgren....@gmail.com> wrote:
As you probably noted, all proposals related to
http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/
were shot down.
Are we waiting on something, and if so is the case, exactly what?
Is the idea of building on an already semi-established solution like Chrome
Native Messaging unacceptable?
Or should this disparate community rather standardize on U2F?
Another solution (IMO "workaround") is using local services supplying
"Security Services" through Redirects, XHR or WebSockets.
Since the (in)famous plugins were simply removed without any thoughts of the
implications, it seems that the browser vendors currently "own" this
question.
Anders
