DOMCryptInternalAPI
Status
| DOMCryptInternalAPI | |
| Stage | Draft |
| Status | In progress |
| Release target | N/A |
| Health | OK |
| Status note | ` |
{{#set:Feature name=DOMCryptInternalAPI
|Feature stage=Draft |Feature status=In progress |Feature version=N/A |Feature health=OK |Feature status note=` }}
Team
| Product manager | Sid Stamm |
| Directly Responsible Individual | David Dahl |
| Lead engineer | David Dahl |
| Security lead | Brian Smith |
| Privacy lead | Sid Stamm |
| Localization lead | n/a |
| Accessibility lead | n/a |
| QA lead | Undetermined |
| UX lead | Undetermined |
| Product marketing lead | Undetermined |
| Operations lead | Undetermined |
| Additional members | n/a |
{{#set:Feature product manager=Sid Stamm
|Feature feature manager=David Dahl |Feature lead engineer=David Dahl |Feature security lead=Brian Smith |Feature privacy lead=Sid Stamm |Feature localization lead=n/a |Feature accessibility lead=n/a |Feature qa lead=Undetermined |Feature ux lead=Undetermined |Feature product marketing lead=Undetermined |Feature operations lead=Undetermined |Feature additional members=n/a }}
Open issues/risks
This API should obey private browsing mode, but also integrate well with PSM/NSS, in which case the keystore does not know about Private Browsing. We may need to tie the key storage to Places or something new.
Stage 1: Definition
1. Feature overview
DOMCryptInternalAPI is the PSM code that will generate keypairs, sign, verify, hash, hmac, encrypt and decrypt data. The scriptable interface will reside outside of PSM, consuming this API and providing a simpler abstraction for DOMCrypt, a WebAPI currently being standardized by the W3C via the Web Cryptography Working Group. This API will also be useful to extension developers and the AddonSDK
2. Users & use cases
- DOMCrypt's DOM bindings ( W3C Web Crypto WG ) will consume this API for all crypto-related functionality
- Extension developers can use this API for any number of signature, hashing, hmac, encrypt and decrypt operations. The API is intended to be relatively easy to use and high-level, only allowing configuration of algorithm and key bits properties
- Mozilla engineers can use this API to experiment in the Privacy, Security and Identity space within browsers more easily than using NSS or more complicated PSM APIs.
- For example: NGOs, human rights organizations and business can use this API to build extensions that improve application security, provide psuedo-anonymity and browser-based encrypted messaging or business transactions.
3. Dependencies
`
4. Requirements
`
Non-goals
- Exposing low-level crypto primitives that can potentially backfire on programmers without deep cryptography understanding
Stage 2: Design
5. Functional specification
This API will need to support the DOM API designed by the W3C Web Crypto WG. The latest - and soon changing spec is here: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
6. User experience design
`
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
` {{#set:Feature open issues and risks=This API should obey private browsing mode, but also integrate well with PSM/NSS, in which case the keystore does not know about Private Browsing. We may need to tie the key storage to Places or something new. |Feature overview=DOMCryptInternalAPI is the PSM code that will generate keypairs, sign, verify, hash, hmac, encrypt and decrypt data. The scriptable interface will reside outside of PSM, consuming this API and providing a simpler abstraction for DOMCrypt, a WebAPI currently being standardized by the W3C via the Web Cryptography Working Group. This API will also be useful to extension developers and the AddonSDK |Feature users and use cases=* DOMCrypt's DOM bindings ( W3C Web Crypto WG ) will consume this API for all crypto-related functionality
- Extension developers can use this API for any number of signature, hashing, hmac, encrypt and decrypt operations. The API is intended to be relatively easy to use and high-level, only allowing configuration of algorithm and key bits properties
- Mozilla engineers can use this API to experiment in the Privacy, Security and Identity space within browsers more easily than using NSS or more complicated PSM APIs.
- For example: NGOs, human rights organizations and business can use this API to build extensions that improve application security, provide psuedo-anonymity and browser-based encrypted messaging or business transactions.
|Feature dependencies=` |Feature requirements=` |Feature non-goals=* Exposing low-level crypto primitives that can potentially backfire on programmers without deep cryptography understanding |Feature functional spec=This API will need to support the DOM API designed by the W3C Web Crypto WG. The latest - and soon changing spec is here: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}
Feature details
| Priority | P2 |
| Rank | 999 |
| Theme / Goal | Privacy |
| Roadmap | Security |
| Secondary roadmap | Privacy |
| Feature list | Platform |
| Project | ` |
| Engineering team | Security |
{{#set:Feature priority=P2
|Feature rank=999 |Feature theme=Privacy |Feature roadmap=Security |Feature secondary roadmap=Privacy |Feature list=Platform |Feature project=` |Feature engineering team=Security }}
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | Under development | The initial patch is being worked on via bug 649154 |
| Security | ` | ` |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
{{#set:Feature products status=`
|Feature products notes=` |Feature engineering status=Under development |Feature engineering notes=The initial patch is being worked on via bug 649154 |Feature security status=` |Feature security health=` |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}