- From: David Dahl <ddahl@mozilla.com>
- Date: Wed, 11 Jul 2012 17:38:11 -0700 (PDT)
- To: Harry Halpin <hhalpin@w3.org>
- Cc: Ryan Sleevi <sleevi@google.com>, Seetharama Rao Durbha <S.Durbha@cablelabs.com>, public-webcrypto@w3.org, Mike Jones <Michael.Jones@microsoft.com>, Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
----- Original Message ----- > From: "Harry Halpin" <hhalpin@w3.org> > To: "Vijay Bharadwaj" <Vijay.Bharadwaj@microsoft.com> > Cc: "Ryan Sleevi" <sleevi@google.com>, "Seetharama Rao Durbha" <S.Durbha@cablelabs.com>, public-webcrypto@w3.org, > "David Dahl" <ddahl@mozilla.com>, "Mike Jones" <Michael.Jones@microsoft.com> > Sent: Wednesday, July 11, 2012 7:23:31 PM > Subject: Re: ISSUE-1: Mandatory algorithms (was Re: ISSUE-3: Algorithm discovery) > > Note that I have always been neutral as regards MUST-IMPLEMENT and > SHOULD. > > I'm worried over only MAY implement, for the reason that I just want > to > see *something* work in the API besides error messages and that I'm > not > sure if I can honestly say that two or more inter-operable > implementations of just error messages is enough to get us past > Candidate Rec stage. Those less technically involved in the details > within industry and the W3C may be skeptical of the interop benefits > of > standardization in that case. For this reason, previous W3C WGs in > this > area such as XMLDSIG and XMLENC both have at least *two* independent > mandatory-to-implement algorithms when possible, in case one breaks > during the life of standard. While I'm not really worried about MUST > vs. > SHOULD, I'm worried about test-cases and getting to CR. > > So, I think we can agree: > > 1) Having a common subset of algorithms that we can test, and thus > achieve CR status, is useful and developers will need such assurances > at > least for increasing adoption of the API. > > 2) A MUST-IMPLEMENT is for various reasons argued on the mailing list > is > a bad idea. > > Thus, I propose that we resolve this issue by doing a much weaker > version of what XML-DSIG and XML-ENC did, to have no MUST IMPLEMENT > but > instead a recommended SHOULD implement. The WebCrypto API should have > a > subset (at least two or more) of recommended algorithms that we build > test-cases along to move to CR, but no strict conformance testing > that > requires a MUST-IMPLEMENT, as we recognize those algorithms may > change > and are use-case dependent. Thus, there will be *no* MUST-IMPLEMENT, > but recommended SHOULD implement. > > Is that weaker stance as regards recommended algorithms with > test-cases > also being objected to, or are we happier with that? > I like this approach. This seems like a way to no paint ourselves into a corner with all of the regulatory issues and browser vendor maintenance in mind. David
Received on Thursday, 12 July 2012 00:38:39 UTC