From W3C Web Cryptography Wiki
Jump to: navigation, search

Survey Analysis

2012-06-07 (ddahl)



The responses to the survey were informative. Potential users of this API are most interested in public key encryption, symmetric encryption and digital signatures. The users of the API are everyday web users doing everything from secure messaging to online banking and e-commerce. The top response for data to be processed was 'messages', either email-like, update or chat messaging. Digital signatures followed. The data is being processed to protect the contents of the messages from even the service provider, server compromises and transit of intermediate networks. A standard cross-browser API is highly desirable along with access to the system's key store along with persistent key storage. A low-level API seems to be more in demand for such reasons as being able to build a larger variety of applications and interoperability with existing protocols. The main respondees were application developers and open source developers.

More details, wordles

  • Q1: What Methods of the Crypto API are you most interested in?
    • Top Answers:
      • Public key encryption
      • Symmetric encryption
      • Digital Signature
    • wordle: [1]

  • Q2: In your planned usage, who are the users of this API?
    • Top Answers:
      • Everyday web users
      • Web Developers
    • In retrospect, this question could have been worded better. It should have been "What people, customers, entities will use this API via browser apps?" Example answers: Banking customers, professional work colleagues, families, etc.
    • wordle: [2]

  • Q3: What data is being processed/encrypted/signed, etc?
    • Top Answers:
      • Encrypted messages between users
      • Signing transactions
    • wordle: [3]

  • Q4: Why is this data being processed/encrypted/signed, etc?
    • Top Answers:
      • Security
      • Confidentiality
      • Untrusted Server/Networks in between users
      • Authentication
    • wordle: [4]

  • Q5: Why are you interested in a Web Crypto API?
    • Top Answers:
      • Standard cross-browser API
      • Access to system key store
      • Speed of native crypto in JS
    • wordle: [5]

  • Q6: Are you interested in a high-level, idiot-proof API or a low-level API?
    • Top Answers:
      • Low Level (23)
      • High Level (16)
    • wordle: [6]

  • Q7: What industry or organization are you involved with?
    • Top Answers:
      • Application Developer
      • Open Source Developer
    • wordle: [7]