Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread yersinia
On Sun, Mar 10, 2013 at 6:58 PM, ianG wrote: > On 10/03/13 20:25 PM, yersinia wrote: > >> On Sun, Mar 10, 2013 at 12:20 PM, D. J. Bernstein > > wrote: >> >> Ryan Sleevi writes: >> > What use case makes the "NaCl" algorithms (whose specification is >> merely >>

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread ianG
On 10/03/13 20:25 PM, yersinia wrote: On Sun, Mar 10, 2013 at 12:20 PM, D. J. Bernstein mailto:d...@cr.yp.to>> wrote: Ryan Sleevi writes: > What use case makes the "NaCl" algorithms (whose specification is merely > 'use NaCl', which boils down to "Use Salsa+Curve25519") worthwh

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread yersinia
On Sun, Mar 10, 2013 at 12:20 PM, D. J. Bernstein wrote: > Ryan Sleevi writes: > > What use case makes the "NaCl" algorithms (whose specification is merely > > 'use NaCl', which boils down to "Use Salsa+Curve25519") worthwhile? > > > Of course, this doesn't imply that NaCl is what developers want

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread ianG
Everyone's got some negatives to say, drawing from their huge experience of how they do things, and things they've read from books, and things that powerful communities have proselytised over the short ages of public domain crypto. Unfortunately, we're not at the point, as a community, of sayi

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread D. J. Bernstein
Ryan Sleevi writes: > What use case makes the "NaCl" algorithms (whose specification is merely > 'use NaCl', which boils down to "Use Salsa+Curve25519") worthwhile? Here's the abstract of "The security impact of a new cryptographic library" (http://cr.yp.to/highspeed/coolnacl-20120725.pdf): Th

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread Paterson, Kenny
On 10 Mar 2013, at 11:01, Ben Laurie wrote: > On 10 March 2013 10:58, Paterson, Kenny wrote: >> >> >> Right here: http://www.w3.org/TR/WebCryptoAPI: > > Somehow missed that. Thanks. > >> 19.1. Recommended algorithms >> >> This section is non-normative >> >> As the API is meant to be exten

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread Ben Laurie
On 10 March 2013 10:58, Paterson, Kenny wrote: > > On 10 Mar 2013, at 10:51, Ben Laurie wrote: > > On 10 March 2013 01:25, Tony Arcieri wrote: > > On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton wrote: > > > The Web Cryptography Working Group looks well organized, provides a > > very good roadmap

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread Ben Laurie
On 10 March 2013 01:57, Ryan Sleevi wrote: > Finally, the recommendations are for what implementations should support. > There is not any mandatory to implement suite at this point. Instead, it's > looking at what are the algorithms in vast, sweeping use today in a number > of protocols and applic

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread Paterson, Kenny
On 10 Mar 2013, at 10:51, Ben Laurie wrote: On 10 March 2013 01:25, Tony Arcieri mailto:tony.arci...@gmail.com>> wrote: On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton mailto:noloa...@gmail.com>> wrote: The Web Cryptography Working Group looks well organized, provides a very good roadmap, and o

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread Ben Laurie
On 10 March 2013 01:25, Tony Arcieri wrote: > On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton wrote: >> >> The Web Cryptography Working Group looks well organized, provides a >> very good roadmap, and offers good documentation. >> http://www.w3.org/2012/webcrypto/. > > for example they recommend C

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-09 Thread Ryan Sleevi
On Sat, March 9, 2013 5:25 pm, Tony Arcieri wrote: > On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton wrote: > > > The Web Cryptography Working Group looks well organized, provides a > > very good roadmap, and offers good documentation. > > http://www.w3.org/2012/webcrypto/. > > > I have a blog po

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-09 Thread Tony Arcieri
On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton wrote: > The Web Cryptography Working Group looks well organized, provides a > very good roadmap, and offers good documentation. > http://www.w3.org/2012/webcrypto/. I have a blog post about it forthcoming, but I'd like to share the tl;dr version h

[cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-09 Thread Jeffrey Walton
Hi All, For those interested, it appears Javascript is getting cryptography. The Web Cryptography Working Group looks well organized, provides a very good roadmap, and offers good documentation. http://www.w3.org/2012/webcrypto/. There is a list of use cases at http://www.w3.org/TR/WebCryptoAPI/#