Re: RFC 8252 is a complete joke

On 7/5/23 1:11 AM, Rob Wilton (rwilton) wrote:

Hi Mike,

I have thought about bringing my webcrypto-only login/enrollment to IETF for standardization but I'm not sure what the venue might be. It doesn't require webcrypto per se -- webcrypto is just a shim of normal crypto available to anything that has crypto library access, after all. So it would work for anything -- native apps, headless apps, etc. But it seems to be pushing on string for anybody to care. Vested Interests for $2000, Alex. It's the curse of public key cryptography in general.

SECDISPATCH would seem like a reasonable starting place, or maybe SAAG if you wanted to present more generally on the perceived problem space. If you already know that this is a bigger problem that you are trying to solve then perhaps side meetings to try to gather some interest, then a BOF.

I don't go to IETF meetings, so that's a non-starter. I'm not familiar with SECDISPATCH, but SAAG might be the right place as this is a more general problem than just web stuff. My main question about bringing this up has been that it is about protocol agreement between two entities that are controlled by the same party. In the web case, that means that the same party controls the server and the client JavaScript so there really isn't an interoperability problem, per se. On the other hand, it's generally bad to roll your own security protocol without review. The work I did in my implementation of this seems right to me, but it would certainly not hurt to have some clue focus on it. So I remain conflicted.

Mike

