>I did a quick DOMCrypt presentation at the All Hands last week. It went well, a lot of helpful and smart people showed up. I am thinking about all of the improvements that need to be made in the coming weeks to make DOMCrypt better.
There are 3 obvious things to do now:
1. Namespace the API to allow for future additional APIs
2. move all heavy-lifting work to a ChromeWorker
3. DOMCrypt needs a story – an understandable message – so that Web Developers and web users can understand the possibilities and the risks of not being in control of their data. Even talking about cryptography makes people’s eyes glaze over, so the move to simplify the nomenclature is essential.
The main story is a familiar one at Mozilla: User Control. Web users should be able to control who reads what they write online. To everyone else, the message is a garbled stream of incoherent data. This should be the default mode in online communication – default and easy.
A fourth item is to figure out how to inter-operate with existing Crypto standards. This is a very large undertaking, so I am not sure how it will play out yet. I have a lot of reading to do. I would like to have an elegant, “webby” toolkit that is easy to use and make available ASAP. Getting bogged down in standardization may work against this. Right now, I think supporting existing standards should be a long term goal which will be achieved via future APIs.