[websec] W3C WebCrypto API (Javascript) First Public Working Draft: Request for Review

Harry Halpin <hhalpin@w3.org> Mon, 17 September 2012 17:06 UTC

Return-Path: <hhalpin@w3.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id EF45521F8723 for <websec@ietfa.amsl.com>; Mon, 17 Sep 2012 10:06:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.299
X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_23=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id akZvckEuhtPV for <websec@ietfa.amsl.com>; Mon, 17 Sep 2012 10:06:05 -0700 (PDT)
Received: from jay.w3.org (ssh.w3.org []) by ietfa.amsl.com (Postfix) with ESMTP id 804EE21F8720 for <websec@ietf.org>; Mon, 17 Sep 2012 10:06:05 -0700 (PDT)
Received: from [] (helo=[]) by jay.w3.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <hhalpin@w3.org>) id 1TDelo-0004ag-SZ for websec@ietf.org; Mon, 17 Sep 2012 13:06:05 -0400
Message-ID: <50575870.3080507@w3.org>
Date: Mon, 17 Sep 2012 19:05:52 +0200
From: Harry Halpin <hhalpin@w3.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
To: websec@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [websec] W3C WebCrypto API (Javascript) First Public Working Draft: Request for Review
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Sep 2012 17:06:06 -0000

WebSec folks,

The W3C has recently released the First Public Working Draft of the W3C 
Web Crypto API [1], a Javascript API created in a W3C Working Group with 
representatives of all major browsers that will expose cryptographic 
primitives to WebApps. As you can tell, its currently only supporting 
core functionality,  but will likely be expanded over the course of next 
year. The rest of the features are going to be use-case driven and 
"secondary", see charter for details on possible future features for the 
API [2].

At this stage, we are at this stage leaving many of the issues open (14 
in total, clearly listed in the spec!) but we will need to close them 
all as soon as possible. We'd love any comments you have, please post to 

Any further questions I'd be happy to answer.

If there are any particular WGs whose use-cases we should make sure we 
handle and we should get review from, just tell me and also feel free to 
forward the e-mail along, cc'ing me if you think there may be questions. 
We are already liasoning with JOSE WG via Mike Jones.


[1] http://www.w3.org/TR/WebCryptoAPI/
[2] http://www.w3.org/2011/11/webcryptography-charter.html#scope