RE-IGNITING THE CRYPTO WARS ON THE WEB
One issue with the Web Cryptography API is that the Working Group decided to expose the low-level functionality first rather than aiming only for a high-level API aimed at the developer on the street who may not have a grasp of the finer details of cryptography. The Working Group did this on purpose after taking a survey of users , in order to allow experienced developers to build the functionality needed across the largest number of use-cases, but a "high-level" API similar to KeyCzar that makes using cryptography easy for Web developers will also be presented. A second issue is that the current Web Cryptography API exposes legacy cryptographic algorithms that can be used insecurely, which was done in the draft to allow Web Application developers to create applications with interoperability with widely used applications such as GPG, SSH, and the like. A number of thorny issues will be presented, and feedback from the audience will be encouraged.
Speaker: Harry Halpin
Event: 29th Chaos Communication Congress (29c3) by the Chaos Computer Club [CCC]
Location: Congress Centrum Hamburg (CCH); Am Dammtor; Marseiller Straße; 20355 Hamburg; Germany
Start: 27.12.2012 17:15:00 +01:00