Privacy/Features/DOMCryptAPI
Status
| DOMCryptAPI (a Crypto API in the DOM) | |
| Stage | Shelved |
| Status | ` |
| Release target | ` |
| Health | ` |
| Status note | THIS API DESIGN IS SUPERSEDED BY http://www.w3.org/2012/webcrypto/WebCryptoAPI/ Currently a Firefox Extension as well as the 'strawman' proposal for a new W3C standard, DOMCrypt adds a new Window property that wraps NSS crypto functions, see https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest and http://www.w3.org/2011/11/webcryptography-charter.html |
{{#set:Feature name=DOMCryptAPI (a Crypto API in the DOM)
|Feature stage=Shelved |Feature status=` |Feature version=` |Feature health=` |Feature status note=THIS API DESIGN IS SUPERSEDED BY http://www.w3.org/2012/webcrypto/WebCryptoAPI/
Currently a Firefox Extension as well as the 'strawman' proposal for a new W3C standard, DOMCrypt adds a new Window property that wraps NSS crypto functions, see https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest and http://www.w3.org/2011/11/webcryptography-charter.html }}
Team
| Product manager | Chris Blizzard |
| Directly Responsible Individual | Sid Stamm |
| Lead engineer | David Dahl |
| Security lead | Brian Smith |
| Privacy lead | Sid Stamm |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | Juan Becerra |
| UX lead | ` |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | ` |
{{#set:Feature product manager=Chris Blizzard
|Feature feature manager=Sid Stamm |Feature lead engineer=David Dahl |Feature security lead=Brian Smith |Feature privacy lead=Sid Stamm |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=Juan Becerra |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=` }}
Open issues/risks
`
Stage 1: Definition
1. Feature overview
DOMCrypt gives web developers and endusers control over who data is shared with in plain text. DOMCrypt will provide Public Key Encryption, Symmetric Encryption, HMAC, and Hashing to DOM scripting.
Goal: Provide an elegant "webby" crypto API web developers can use to allow more user control of messages and data typed into Firefox
2. Users & use cases
See https://wiki.mozilla.org/Privacy/Features/DOMCryptAPI/UseCases
3. Dependencies
`
4. Requirements
- Elegant Public Key encryption API
- Elegant Symmetric (DH key exchange) Encryption API
- Hashing API
- HMAC API
- Off main thread API methods
- User and web developer evangelism
- Plan for standardization: see http://www.w3.org/2011/11/webcryptography-charter.html
Non-goals
- Initially supporting complex Crypto standards
- Hardware device support
Stage 2: Design
5. Functional specification
Draft spec: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
Also See http://domcrypt.org and https://github.com/daviddahl/domcrypt
6. User experience design
This is a JavaScript DOM API - it's draft spec specifies no UI at this time. The experience will be a mostly asynchronous API
Stage 3: Planning
7. Implementation plan
Next Steps
- Get the discussion going with other browser vendors, WHAT-WG, W3C, TC-39
- Check! See the webkit bug: https://bugs.webkit.org/show_bug.cgi?id=62010
- Develop an implementation schedule
- Port extension over to Firefox/DOM code: underway
- Test suite - underway
- Will integrate DOMCryptAPI with window.crypto
Background
- This code is heavily based on parts of WeaveCrypto that was excised from mozilla-central, when Sync switched to J-PAKE crypto
8. Reviews
Security review
Review by Brian Smith, additional superreview will be required - perhaps by WTC or Kai Engert
Privacy review
TBD
Localization review
N/A
Accessibility
N/A
Quality Assurance review
TBD
Operations review
TBD
Stage 4: Development
9. Implementation
The implementation may re-use the extension code after it is refactored to use ArrayBufferViews and the internal secure key store, with a final implementation that completely replaces the original extension code. The reason for this is that it has been incredibly useful and instructive to have a working implementation to demo the capabilities to web developers and privacy people. The original extension code will be replaced entirely.
The extension code uses js-ctypes witch can cause some erratic NSS behavior.
Stage 5: Release
10. Landing criteria
(TBD, not exactly sure what to put here, feel free to add some sample criteria -ddahl) {{#set:Feature open issues and risks=` |Feature overview=DOMCrypt gives web developers and endusers control over who data is shared with in plain text. DOMCrypt will provide Public Key Encryption, Symmetric Encryption, HMAC, and Hashing to DOM scripting.
Goal: Provide an elegant "webby" crypto API web developers can use to allow more user control of messages and data typed into Firefox |Feature users and use cases=See https://wiki.mozilla.org/Privacy/Features/DOMCryptAPI/UseCases |Feature dependencies=` |Feature requirements=* Elegant Public Key encryption API
- Elegant Symmetric (DH key exchange) Encryption API
- Hashing API
- HMAC API
- Off main thread API methods
- User and web developer evangelism
- Plan for standardization: see http://www.w3.org/2011/11/webcryptography-charter.html
|Feature non-goals=*Initially supporting complex Crypto standards
- Hardware device support
|Feature functional spec=Draft spec: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
Also See http://domcrypt.org and https://github.com/daviddahl/domcrypt |Feature ux design=This is a JavaScript DOM API - it's draft spec specifies no UI at this time. The experience will be a mostly asynchronous API |Feature implementation plan===== Next Steps ====
- Get the discussion going with other browser vendors, WHAT-WG, W3C, TC-39
- Check! See the webkit bug: https://bugs.webkit.org/show_bug.cgi?id=62010
- Develop an implementation schedule
- Port extension over to Firefox/DOM code: underway
- Test suite - underway
- Will integrate DOMCryptAPI with window.crypto
Background
- This code is heavily based on parts of WeaveCrypto that was excised from mozilla-central, when Sync switched to J-PAKE crypto
|Feature security review=Review by Brian Smith, additional superreview will be required - perhaps by WTC or Kai Engert |Feature privacy review=TBD |Feature localization review=N/A |Feature accessibility review=N/A |Feature qa review=TBD |Feature operations review=TBD |Feature implementation notes=The implementation may re-use the extension code after it is refactored to use ArrayBufferViews and the internal secure key store, with a final implementation that completely replaces the original extension code. The reason for this is that it has been incredibly useful and instructive to have a working implementation to demo the capabilities to web developers and privacy people. The original extension code will be replaced entirely.
The extension code uses js-ctypes witch can cause some erratic NSS behavior. |Feature landing criteria=(TBD, not exactly sure what to put here, feel free to add some sample criteria -ddahl) }}
Feature details
| Priority | Unprioritized |
| Rank | 999 |
| Theme / Goal | Security Leadership |
| Roadmap | Security |
| Secondary roadmap | Developer Tools |
| Feature list | Platform |
| Project | ` |
| Engineering team | Security |
{{#set:Feature priority=Unprioritized
|Feature rank=999 |Feature theme=Security Leadership |Feature roadmap=Security |Feature secondary roadmap=Developer Tools |Feature list=Platform |Feature project=` |Feature engineering team=Security }}
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | sec-review-needed | bug 744938 |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
{{#set:Feature products status=`
|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=sec-review-needed |Feature security health=` |Feature security notes=bug 744938 |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}
Other Documentation
David Dahl has been working on this project over the past couple of years as a side project. Starting with content-based crypto via wordpress' AES implementation, moving to WeaveCrypto-based extensions and sites like https://droplettr.com - the realization dawned that starting small is the best bet in this endeavor: a single DOM property.