Open hannosch opened 8 years ago
rnewman
commented
8 years ago Bear in mind that your future life might be easier if you stick with stuff that's supported by iOS and Android. I haven't done the digging myself, but if mobile clients are on your roadmap, then it's probably worth some time to look.
ekr
commented
8 years ago Whatever JS library you are using should be using WebCrypto, which, at least on Android, should be the same as on desktop.
On Wed, Aug 24, 2016 at 8:31 AM, Richard Newman notifications@github.com wrote:
Bear in mind that your future life might be easier if you stick with stuff that's supported by iOS and Android. I haven't done the digging myself, but if mobile clients are on your roadmap, then it's probably worth some time to look.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mozilla/miracle/issues/6#issuecomment-242107481, or mute the thread https://github.com/notifications/unsubscribe-auth/ABD1oRFC46KTqmBxlB8kpREJmSLRK9bVks5qjGO3gaJpZM4Jr-qF .
rnewman
commented
8 years ago Most service clients on iOS and Android aren't implemented in JS, for obvious background/memory usage/power/scheduling/OS integration reasons.
I don't know if that same decision process applies here, but I'd be inclined to think that anything that bundles up stuff into a payload and uploads it would be a native background service, like everything else we care about.
ekr
commented
8 years ago Based on the Hanno's original comment it appears that this is implemented in JS
On Wed, Aug 24, 2016 at 8:49 AM, Richard Newman notifications@github.com wrote:
Most service clients on iOS and Android aren't implemented in JS, for obvious background/memory usage/power/scheduling/OS integration reasons.
I don't know if that same decision process applies here, but I'd be inclined to think that anything that bundles up stuff into a payload and uploads it would be a native background service, like everything else we care about.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/mozilla/miracle/issues/6#issuecomment-242114536, or mute the thread https://github.com/notifications/unsubscribe-auth/ABD1oYcwhA-H7-J5j_vB8ZuHJBpAbMqmks5qjGgJgaJpZM4Jr-qF .
rnewman
commented
8 years ago “If mobile clients are on your roadmap”…
ekr
commented
8 years ago If your position is that mobile clients preclude JS, then if mobile clients are on their roadmap, they are going to have much bigger problems than the availability of specific algorithms.
hannosch
commented
8 years ago To clarify, at the moment we are only targeting a Firefox Desktop (shield) add-on and there are no plans to extend this specific experiment to other platforms. I've filed this here as a reminder, that we should look at EC if we are extending this in the future.
The JS library we use is based on WebCrypto and has a compatibility table in its readme: https://github.com/square/js-jose/#algorithms-exposed-by-this-library
rnewman
commented
8 years ago Great! That makes life easier.
We currently use RSA-OAEP with A256GCM for encrypting the payload. It would be nice if we could use one of the ECDH-ES (elliptic curve) key management algorithms instead. While this is supported by our Python library (latchset/jwcrypto), it isn't supported by our JS library (square/js-jose).