From c702406936333fde7742c19f9091cbdd9fea086f Mon Sep 17 00:00:00 2001 From: hhalpin Date: Sat, 18 Oct 2014 11:53:42 +0200 Subject: [PATCH] added W3C Web Crypto talk --- proposed/W3C_WebCrypto.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 proposed/W3C_WebCrypto.md diff --git a/proposed/W3C_WebCrypto.md b/proposed/W3C_WebCrypto.md new file mode 100644 index 0000000..7b77e81 --- /dev/null +++ b/proposed/W3C_WebCrypto.md @@ -0,0 +1,15 @@ +#infos + +auth-name : Harry Halpin +tag : javascript, cryptography, W3C, security +advance costs : N +need room : N +Location : Boston, USA (but right now Paris!) +Can host ppl : na + + +# Javascript Web Cryptography: The Good, the Bad, and the Cryptopocalypse + +After the Snowden revelations and innumerable SSL bugs, web developers everywhere are now wanting to encrypt all the apps - and maybe TLS is not enough! However, for years Javascript crypto has been wrought with a multitude of libraries and some sketchy behavior in the runtime environment. In addition to secure origins, the W3C has been working quietly for last three years with all major browser vendors to roll out the W3C Web Cryptography API, already in Mozilla, Chrome, and Internet Explorer. The W3C WebCrytpo API that exposes as a normalized, standard, constant-time functions the basic primitives of cryptography needed: PRNG, encryption, decryption, key derivation, key wrapping, and more. We'll give a quick overview of the API, related work like Javascript Web Keys, and demo of some working code. Also, we're not done yet: There's still open issues ranging from battles over algorithm extensibility and the Cryptopocalypse - issues that must be solved for the WebCrypto API to be a full Recommendation. + + Javascript Web Cryptography is only the first small step in a secure Web. Next up is getting the secure key storage and third-party Javascript code verification the Web needs. Lastly, we'll outline how anyone can get involved to help build open standards to build what Tim Berners-Lee calls the "Web We Want" - and stop the Web from being subverted.