CIPHER – whiteboarding on open-source language for consistent cross-platform CRYPTO
Cipher (W3H)
Convener: Chris K.
Notes-taker(s): Chris K.
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Cipher programming language: session led by Christopher Kula (cjkula@gmail.com)
Cipher: lightweight programming language for cross-platform crypto http://cipher-lang.wikispaces.com/
Being developed to provide a layer of dependability and abstraction to consistently implement cryptographic algorithms and other data transformations between diverse platforms. Currently in parallel development in both JavaScript and Ruby, development being driven from the same suite of RSpec test. It is one approach to crytpo-in-the-browser.
Existing language in same space is "Cryptol", which is proprietary code owned by Isaac's employer, Galois: http://corp.galois.com/cryptol/ HOWEVER, the spec is open source, so worth considering an open implementation. Could be a possible alternative to further Cipher development?
- Review some possible language structures
- Discussion of security issues with running crypto in the browser
- Discussion of decentralized identity using browser-created keys
- Discussion of issues being encountered by W3 surrounding crypto in the browser, including sandboxing
(There are few people that understand all the relevant issues, and they are very busy!)
Related W3 working group: http://www.w3.org/2012/webcrypto/
What might a common crypto language need?
- consider common needs of crypto algorithms. What are the typical shared abstractions?
- mutli-threading for use in a server or cloud context
- modular back end: hub and spoke design
- task time estimation
- secure execution space assurances
- algorithm validation / verification