On 5/18/2010 2:17 PM, Eddy Nigg wrote:
On 05/18/2010 10:37 PM, From johnjbarton:
2) Openness and encouragement of better API and UI for mozilla
security solutions (concretely your fabulous resources are effectively
out of reach for JS developers, it's a real shame)
...but I'm certain that concrete proposals for either would be welcome...
I would suggest to start with digital signature, absent authentication.
As far as I know there are four mozilla related solutions in this space,
mccoy: https://wiki.mozilla.org/McCoy
A simple PKI API buried in an RDF mess.
weave: http://hg.mozilla.org/labs/weave/file/tip/crypto/WeaveCrypto.js
A broad js-ctypes API regretably bound in to Weave.
Subrata Mazumdar's XML Digital Signature Tool add on.
A too complicated solution packaged as an add on.
Signed Scripts in Mozilla
A too complicated solution to something.
I think JS API like Townsend used in mccoy but implemented like Justin
Dolske did for weave, and provided as part of the platform would allow
digital signatures to be generated in addons easily. The platform
already supports verifying these signatures (as is done for update.rdf now).
It's a small step but it would provide a model for more access to
digital security tools for developers who work on user interfaces. With
better tools we can encourage more experiments and that will create more
ideas.
A critically important component is clear descriptions of the great
tools you have created, ways of related them to pages like
http://en.wikipedia.org/wiki/Public-key_cryptography. Because to be
honest we don't understand the truly daunting list of acronyms on
http://www.mozilla.org/projects/security/pki/nss/overview.html
Straight-forward JS access and clear example-oriented documentation is a
recipe for UI developer engagement, it's what made Web 2.0 happen.
jjb
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
