CIPHER – whiteboarding on open-source language for consistent cross-platform CRYPTO
Convener: Chris K.
Notes-taker(s): Chris K.
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Cipher programming language: session led by Christopher Kula (firstname.lastname@example.org)
Cipher: lightweight programming language for cross-platform crypto http://cipher-lang.wikispaces.com/
Existing language in same space is "Cryptol", which is proprietary code owned by Isaac's employer, Galois: http://corp.galois.com/cryptol/ HOWEVER, the spec is open source, so worth considering an open implementation. Could be a possible alternative to further Cipher development?
- Review some possible language structures
- Discussion of security issues with running crypto in the browser
- Discussion of decentralized identity using browser-created keys
- Discussion of issues being encountered by W3 surrounding crypto in the browser, including sandboxing
(There are few people that understand all the relevant issues, and they are very busy!)
Related W3 working group: http://www.w3.org/2012/webcrypto/
What might a common crypto language need?
- consider common needs of crypto algorithms. What are the typical shared abstractions?
- mutli-threading for use in a server or cloud context
- modular back end: hub and spoke design
- task time estimation
- secure execution space assurances
- algorithm validation / verification