[whatwg] window.cipher HTML crypto API draft spec

David Dahl ddahl at mozilla.com
Tue May 24 13:20:16 PDT 2011


----- Original Message -----
From: "Jungshik Shin (신정식, 申政湜)" <jungshik at google.com>
To: "Ian Fette" <ifette at google.com>
Cc: "David Dahl" <ddahl at mozilla.com>, "WHATWG Proposals" <whatwg at lists.whatwg.org>, channy at gmail.com
Sent: Tuesday, May 24, 2011 2:36:01 PM
Subject: Re: [whatwg] window.cipher HTML crypto API draft spec

Great insight into the situation in Korea, thanks!

> It looks like what David proposed seems to be a good start, but I'm afraid
  it's not sufficient yet to replace various browser-plugins/add-ons used for
  digital sigining and certificate management (as is done in Korea). For
  instance, Channy Yun (who's the leader of Mozilla Koran user group: I'm
  copying to him) has the following proposal.

> http://html5.creation.net/webcrypto-api/

Thank you for the link. I need to read all of these ideas and specs.

> It covers the generation of cert request, cert import, smart card event
  handling (apparently, in China, smartcards are widely used for on-line
  banking) in addition to signing text. 'keygen' (codified in html5) appears
  to cover some of needs for cert request and cert issuance, but does not go
  all the way (to be useful).

yeah, keygen would be so much better as part of an API rather than being part of a <form>, etc. 

> I also wonder what David's proposal has to do with another Mozilla effort in
  the area : https://wiki.mozilla.org/Labs/Secret

The "Secret" project seems to have fizzled out, never getting past the brainstorming phase. That being said a lot of the functionality of my implementation stems from the Weave (now Sync) project at Mozilla, which presumably may have been some of the underpinnings of the "Secret" project - at least in theory.

Regards,

David



More information about the whatwg mailing list