A couple updates to this thread: 1) DOMCrypt seems to be moving along the W3C path. There isn't a working group set up yet, but there seems to be sufficient interest that a W3C activity appears to be spinning up around this effort.
2) Ian Fette met with a number of banks in South Korean and Taiwan, and they're interested in using this API to replace their current reliance on ActiveX-based security plug-ins. I'm sure that many of you are more familiar with the "Korean Bank problem" than I am, but the main issue is that folks in Korea have trouble adopting non-IE browsers because their banks use ActiveX plug-ins to interact with certificates in order to help secure some of their banking interactions. One way we'd like to improve the web platform is to provide the web platform is to provide support for these use cases. The exact requirements from the Korean Banks are somewhat involved, and I'm not entirely sure we've understood them fully yet, so we'd like to start experimenting with something that seems generally useful and see whether how well it addresses their needs. I've added a brief description of one starting point for this discussion to the Mozilla wiki on DOMCrypt: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest#Possible_Additions (Note: I haven't discussed this use case with David Dahl yet, so it is entirely possible this will be cut from DOMCrypt.) One thing that would be helpful in making progress here would be to start experimenting with this API in WebKit. I suspect we'll need to iterate a number of times on the API in order to make sure we end up with something that works for these Korean banks. Having running code that they can play with would be very useful, especially in light of the language barrier. I'd like to re-iterate that we have no intention of enabling this feature by default until the specification and standards process is more mature. Experimenting with this API should have very little impact on other consumers of WebKit. Thanks, Adam On Wed, Jul 27, 2011 at 10:06 AM, Sam Weinig <wei...@apple.com> wrote: > I think we should let the spec mature a bit before diving in. > > -Sam > > On Jul 26, 2011, at 10:53 PM, Adam Barth wrote: > >> Hi webkit-dev, >> >> As some of you are probably aware, Mozilla is experimenting with >> exposing some basic cryptographic primitives to web applications: >> >> https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest >> >> I wanted to get a sense from the WebKit community about how interested >> we are in implementing this feature. My sense is that this API is >> fairly early in it's lifecycle, so one perspective is that we should >> wait for Mozilla to experiment for a bit longer and revisit this >> question once the design is further along (e.g., submitted to the W3C >> standards process). >> >> Another perspective is that there are some simple parts of the API >> that we should implement now, and we can grow into the more involved >> parts of the API as they mature. For example, the CryptoHash >> interface can be implemented independently of the rest of the API and >> provides value by itself. >> >> Thoughts? >> >> Adam >> _______________________________________________ >> webkit-dev mailing list >> webkit-dev@lists.webkit.org >> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev > > _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev